Package Instance

reference_id

AVG-2852

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2853

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3566

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url	https://access.redhat.com/errata/RHSA-2024:2778
reference_id	RHSA-2024:2778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2778

reference_url	https://access.redhat.com/errata/RHSA-2024:2779
reference_id	RHSA-2024:2779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2779

reference_url	https://access.redhat.com/errata/RHSA-2024:2780
reference_id	RHSA-2024:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2780

reference_url	https://access.redhat.com/errata/RHSA-2024:2853
reference_id	RHSA-2024:2853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2853

reference_url	https://access.redhat.com/errata/RHSA-2024:2910
reference_id	RHSA-2024:2910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2910

reference_url	https://access.redhat.com/errata/RHSA-2024:3545
reference_id	RHSA-2024:3545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3545

reference_url	https://access.redhat.com/errata/RHSA-2024:4559
reference_id	RHSA-2024:4559
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4559

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.20.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.20.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-27982

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2z1f-7jkw-17av

url VCID-35e4-h5zk-5ffn

vulnerability_id VCID-35e4-h5zk-5ffn

summary A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

references

reference_url

reference_id

reference_type

scores

value	0.0709
scoring_system	epss
scoring_elements	0.91485
published_at	2026-04-02T12:55:00Z

value	0.0709
scoring_system	epss
scoring_elements	0.91546
published_at	2026-04-16T12:55:00Z

value	0.0709
scoring_system	epss
scoring_elements	0.91526
published_at	2026-04-12T12:55:00Z

value	0.0709
scoring_system	epss
scoring_elements	0.91524
published_at	2026-04-13T12:55:00Z

value	0.0709
scoring_system	epss
scoring_elements	0.91519
published_at	2026-04-09T12:55:00Z

value	0.0709
scoring_system	epss
scoring_elements	0.91513
published_at	2026-04-08T12:55:00Z

value	0.0709
scoring_system	epss
scoring_elements	0.915
published_at	2026-04-07T12:55:00Z

value	0.0709
scoring_system	epss
scoring_elements	0.91492
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3566

reference_url

https://kb.cert.org/vuls/id/123335

reference_id

123335

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/

url

https://kb.cert.org/vuls/id/123335

reference_url

https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/

reference_id

batbadbut-you-cant-securely-execute-commands-on-windows

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/

url

https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/

reference_url

https://www.cve.org/CVERecord?id=CVE-2024-1874

reference_id

CVERecord?id=CVE-2024-1874

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/

url

https://www.cve.org/CVERecord?id=CVE-2024-1874

reference_url

https://www.cve.org/CVERecord?id=CVE-2024-22423

reference_id

CVERecord?id=CVE-2024-22423

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/

url

https://www.cve.org/CVERecord?id=CVE-2024-22423

reference_url

https://www.cve.org/CVERecord?id=CVE-2024-24576

reference_id

CVERecord?id=CVE-2024-24576

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/

url

https://www.cve.org/CVERecord?id=CVE-2024-24576

reference_url

https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way

reference_id

everyone-quotes-command-line-arguments-the-wrong-way

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/

url

https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-3566

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35e4-h5zk-5ffn

url VCID-39c4-njbs-pyeq

vulnerability_id VCID-39c4-njbs-pyeq

summary

Multiple vulnerabilities have been found in NodeJS, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8251.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8251.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8251

reference_id

reference_type

scores

value	0.04991
scoring_system	epss
scoring_elements	0.89658
published_at	2026-04-01T12:55:00Z

value	0.04991
scoring_system	epss
scoring_elements	0.8966
published_at	2026-04-02T12:55:00Z

value	0.04991
scoring_system	epss
scoring_elements	0.89675
published_at	2026-04-04T12:55:00Z

value	0.04991
scoring_system	epss
scoring_elements	0.89677
published_at	2026-04-07T12:55:00Z

value	0.04991
scoring_system	epss
scoring_elements	0.89695
published_at	2026-04-08T12:55:00Z

value	0.04991
scoring_system	epss
scoring_elements	0.897
published_at	2026-04-13T12:55:00Z

value	0.04991
scoring_system	epss
scoring_elements	0.89708
published_at	2026-04-11T12:55:00Z

value	0.04991
scoring_system	epss
scoring_elements	0.89706
published_at	2026-04-12T12:55:00Z

value	0.04991
scoring_system	epss
scoring_elements	0.89715
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8251

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1879314
reference_id	1879314
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1879314

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2020-8251

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39c4-njbs-pyeq

url VCID-3j17-wsqw-hucs

vulnerability_id VCID-3j17-wsqw-hucs

summary NodeJS: HTTP Pipelining DoS

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4450.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4450.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4450

reference_id

reference_type

scores

value	0.68714
scoring_system	epss
scoring_elements	0.98608
published_at	2026-04-01T12:55:00Z

value	0.68714
scoring_system	epss
scoring_elements	0.9861
published_at	2026-04-02T12:55:00Z

value	0.68714
scoring_system	epss
scoring_elements	0.98613
published_at	2026-04-04T12:55:00Z

value	0.68714
scoring_system	epss
scoring_elements	0.98615
published_at	2026-04-07T12:55:00Z

value	0.68714
scoring_system	epss
scoring_elements	0.98617
published_at	2026-04-08T12:55:00Z

value	0.68714
scoring_system	epss
scoring_elements	0.98618
published_at	2026-04-09T12:55:00Z

value	0.68714
scoring_system	epss
scoring_elements	0.98621
published_at	2026-04-12T12:55:00Z

value	0.68714
scoring_system	epss
scoring_elements	0.98623
published_at	2026-04-13T12:55:00Z

value	0.68714
scoring_system	epss
scoring_elements	0.98626
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4450

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1021170
reference_id	1021170
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1021170

reference_url	https://access.redhat.com/errata/RHSA-2013:1842
reference_id	RHSA-2013:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1842

fixed_packages

url	pkg:deb/debian/nodejs@0.10.21~dfsg1-1?distro=trixie
purl	pkg:deb/debian/nodejs@0.10.21~dfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0.10.21~dfsg1-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2013-4450

risk_score 1.2

exploitability 2.0

weighted_severity 0.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3j17-wsqw-hucs

url VCID-3nb1-jud1-rkgk

vulnerability_id VCID-3nb1-jud1-rkgk

summary nodejs: `Buffer` to UTF8 `String` conversion DoS

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5380.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5380.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5380

reference_id

reference_type

scores

value	0.0062
scoring_system	epss
scoring_elements	0.69972
published_at	2026-04-01T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69984
published_at	2026-04-02T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69999
published_at	2026-04-04T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69975
published_at	2026-04-07T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70024
published_at	2026-04-08T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.7004
published_at	2026-04-09T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70063
published_at	2026-04-11T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70048
published_at	2026-04-12T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70035
published_at	2026-04-13T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70078
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5380

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1239332
reference_id	1239332
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1239332

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2015-5380

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3nb1-jud1-rkgk

url VCID-3v19-cq1w-y3cz

vulnerability_id VCID-3v19-cq1w-y3cz

summary nodejs: Vulnerable to CVE-2017-3737 due to embedded OpenSSL

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15896.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15896.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15896

reference_id

reference_type

scores

value	0.00161
scoring_system	epss
scoring_elements	0.37066
published_at	2026-04-16T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.37059
published_at	2026-04-08T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.37072
published_at	2026-04-09T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.37081
published_at	2026-04-11T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.37048
published_at	2026-04-12T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.37021
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40259
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40181
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40086
published_at	2026-04-01T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40235
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15896

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1525106
reference_id	1525106
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1525106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15896

reference_id

CVE-2017-15896

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15896

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2017-15896

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3v19-cq1w-y3cz

url VCID-3vdn-6af1-k3g6

vulnerability_id VCID-3vdn-6af1-k3g6

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7161

reference_id

reference_type

scores

value	0.01092
scoring_system	epss
scoring_elements	0.779
published_at	2026-04-01T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77992
published_at	2026-04-16T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77975
published_at	2026-04-11T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77959
published_at	2026-04-12T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77957
published_at	2026-04-13T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77907
published_at	2026-04-02T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77934
published_at	2026-04-04T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77917
published_at	2026-04-07T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77944
published_at	2026-04-08T12:55:00Z

value	0.01092
scoring_system	epss
scoring_elements	0.77948
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

reference_url	https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202003-48

reference_url	http://www.securityfocus.com/bid/106363
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1591013
reference_id	1591013
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1591013

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7161

reference_id

CVE-2018-7161

reference_type

scores

value	7.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:C

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7161

reference_url	https://access.redhat.com/errata/RHSA-2018:2949
reference_id	RHSA-2018:2949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2949

fixed_packages

url	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-7161

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-6af1-k3g6

url VCID-43sf-4r41-wugc

vulnerability_id VCID-43sf-4r41-wugc

summary nodejs: Nodejs filesystem permissions bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55132.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55132.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55132

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01084
published_at	2026-04-02T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01068
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.0108
published_at	2026-04-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01073
published_at	2026-04-12T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01075
published_at	2026-04-13T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01085
published_at	2026-04-04T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01091
published_at	2026-04-07T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01096
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55132

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55132
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55132

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431338
reference_id	2431338
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431338

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	2.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T18:38:44Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:1842
reference_id	RHSA-2026:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1842

reference_url	https://access.redhat.com/errata/RHSA-2026:1843
reference_id	RHSA-2026:1843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1843

reference_url	https://access.redhat.com/errata/RHSA-2026:2420
reference_id	RHSA-2026:2420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2420

reference_url	https://access.redhat.com/errata/RHSA-2026:2421
reference_id	RHSA-2026:2421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2421

reference_url	https://access.redhat.com/errata/RHSA-2026:2422
reference_id	RHSA-2026:2422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2422

reference_url	https://access.redhat.com/errata/RHSA-2026:2781
reference_id	RHSA-2026:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2781

reference_url	https://access.redhat.com/errata/RHSA-2026:2782
reference_id	RHSA-2026:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2782

reference_url	https://access.redhat.com/errata/RHSA-2026:2783
reference_id	RHSA-2026:2783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2783

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.0%252Bdfsg%252B~cs22.19.6-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-55132

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43sf-4r41-wugc

url VCID-4ak9-89fm-ybh2

vulnerability_id VCID-4ak9-89fm-ybh2

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30582.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30582.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30582

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.2715
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27003
published_at	2026-04-16T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27052
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26994
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27187
published_at	2026-04-04T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26978
published_at	2026-04-07T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27047
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27092
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27095
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30582

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219832
reference_id	2219832
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219832

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

reference_id

june-2023-security-releases

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:09:51Z/

url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30582

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ak9-89fm-ybh2

url VCID-4cbr-u3tr-pfdr

vulnerability_id VCID-4cbr-u3tr-pfdr

summary nodejs: wildcard certificates not properly validated

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7099.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-7099

reference_id

reference_type

scores

value	0.00718
scoring_system	epss
scoring_elements	0.72385
published_at	2026-04-07T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.7239
published_at	2026-04-02T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.72408
published_at	2026-04-04T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.72424
published_at	2026-04-08T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.72436
published_at	2026-04-09T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.72459
published_at	2026-04-11T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.72442
published_at	2026-04-12T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.72432
published_at	2026-04-13T12:55:00Z

value	0.00718
scoring_system	epss
scoring_elements	0.72473
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7099

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7099
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7099

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1379921
reference_id	1379921
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1379921

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714
reference_id	839714
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714

reference_url	https://access.redhat.com/errata/RHSA-2017:0002
reference_id	RHSA-2017:0002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0002

reference_url	https://usn.ubuntu.com/USN-4796-1/
reference_id	USN-USN-4796-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4796-1/

fixed_packages

url	pkg:deb/debian/nodejs@4.6.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@4.6.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.6.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2016-7099

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cbr-u3tr-pfdr

url VCID-4dhf-bpv6-a3e1

vulnerability_id VCID-4dhf-bpv6-a3e1

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15604

reference_id

reference_type

scores

value	0.03533
scoring_system	epss
scoring_elements	0.87611
published_at	2026-04-01T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87621
published_at	2026-04-02T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87634
published_at	2026-04-04T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87636
published_at	2026-04-07T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87656
published_at	2026-04-08T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87662
published_at	2026-04-09T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87673
published_at	2026-04-11T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87669
published_at	2026-04-12T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87666
published_at	2026-04-13T12:55:00Z

value	0.03533
scoring_system	epss
scoring_elements	0.87681
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800367
reference_id	1800367
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800367

reference_url	https://access.redhat.com/errata/RHSA-2020:0598
reference_id	RHSA-2020:0598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0598

reference_url	https://usn.ubuntu.com/6380-1/
reference_id	USN-6380-1
reference_type
scores
url	https://usn.ubuntu.com/6380-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.19.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2019-15604

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dhf-bpv6-a3e1

url VCID-4khc-2nz3-ckhr

vulnerability_id VCID-4khc-2nz3-ckhr

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7164

reference_id

reference_type

scores

value	0.01074
scoring_system	epss
scoring_elements	0.77708
published_at	2026-04-01T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77805
published_at	2026-04-16T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77769
published_at	2026-04-12T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77768
published_at	2026-04-13T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77715
published_at	2026-04-02T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77742
published_at	2026-04-04T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77725
published_at	2026-04-07T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77753
published_at	2026-04-08T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77758
published_at	2026-04-09T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77785
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164

reference_url	https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

reference_url	https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202003-48

reference_url	http://www.securityfocus.com/bid/104463
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104463

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1591023
reference_id	1591023
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1591023

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js::::::::
reference_id	cpe:2.3:a:nodejs:node.js::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7164

reference_id

CVE-2018-7164

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7164

fixed_packages

url	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-7164

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4khc-2nz3-ckhr

url VCID-5397-fjce-pbbg

vulnerability_id VCID-5397-fjce-pbbg

summary The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2330

reference_id

reference_type

scores

value	0.0062
scoring_system	epss
scoring_elements	0.6997
published_at	2026-04-01T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69983
published_at	2026-04-02T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69997
published_at	2026-04-04T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69974
published_at	2026-04-07T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70022
published_at	2026-04-08T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70038
published_at	2026-04-09T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70062
published_at	2026-04-11T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70046
published_at	2026-04-12T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70033
published_at	2026-04-13T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70076
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2330

fixed_packages

url	pkg:deb/debian/nodejs@0.6.17~dfsg1-1?distro=trixie
purl	pkg:deb/debian/nodejs@0.6.17~dfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0.6.17~dfsg1-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2012-2330

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5397-fjce-pbbg

url VCID-53xm-8w84-93cx

vulnerability_id VCID-53xm-8w84-93cx

summary Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22930.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22930.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22930

reference_id

reference_type

scores

value	0.00323
scoring_system	epss
scoring_elements	0.55216
published_at	2026-04-01T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55378
published_at	2026-04-16T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55361
published_at	2026-04-12T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55342
published_at	2026-04-13T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55315
published_at	2026-04-02T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55339
published_at	2026-04-04T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55321
published_at	2026-04-07T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55371
published_at	2026-04-09T12:55:00Z

value	0.00323
scoring_system	epss
scoring_elements	0.55382
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22930

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1988394
reference_id	1988394
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1988394

reference_url	https://security.archlinux.org/ASA-202108-1
reference_id	ASA-202108-1
reference_type
scores
url	https://security.archlinux.org/ASA-202108-1

reference_url

https://security.archlinux.org/AVG-2239

reference_id

AVG-2239

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2239

reference_url	https://security.gentoo.org/glsa/202401-02
reference_id	GLSA-202401-02
reference_type
scores
url	https://security.gentoo.org/glsa/202401-02

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:3280
reference_id	RHSA-2021:3280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3280

reference_url	https://access.redhat.com/errata/RHSA-2021:3281
reference_id	RHSA-2021:3281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3281

reference_url	https://access.redhat.com/errata/RHSA-2021:3623
reference_id	RHSA-2021:3623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3623

reference_url	https://access.redhat.com/errata/RHSA-2021:3638
reference_id	RHSA-2021:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3638

reference_url	https://access.redhat.com/errata/RHSA-2021:3639
reference_id	RHSA-2021:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3639

reference_url	https://access.redhat.com/errata/RHSA-2021:3666
reference_id	RHSA-2021:3666
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3666

fixed_packages

url	pkg:deb/debian/nodejs@12.22.4~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.4~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.4~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22930

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53xm-8w84-93cx

url VCID-5afy-ud31-hbaw

vulnerability_id VCID-5afy-ud31-hbaw

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21890.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21890.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21890

reference_id

reference_type

scores

value	0.01439
scoring_system	epss
scoring_elements	0.80748
published_at	2026-04-16T12:55:00Z

value	0.01439
scoring_system	epss
scoring_elements	0.80683
published_at	2026-04-04T12:55:00Z

value	0.01439
scoring_system	epss
scoring_elements	0.80679
published_at	2026-04-07T12:55:00Z

value	0.01439
scoring_system	epss
scoring_elements	0.80707
published_at	2026-04-08T12:55:00Z

value	0.01439
scoring_system	epss
scoring_elements	0.80717
published_at	2026-04-09T12:55:00Z

value	0.01439
scoring_system	epss
scoring_elements	0.80734
published_at	2026-04-11T12:55:00Z

value	0.01439
scoring_system	epss
scoring_elements	0.8072
published_at	2026-04-12T12:55:00Z

value	0.01439
scoring_system	epss
scoring_elements	0.80712
published_at	2026-04-13T12:55:00Z

value	0.01439
scoring_system	epss
scoring_elements	0.80662
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21890

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2257156

reference_id

2257156

reference_type

scores

value	5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:50:11Z/

url

https://hackerone.com/reports/2257156

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2265722
reference_id	2265722
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2265722

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20240315-0002/

reference_id

ntap-20240315-0002

reference_type

scores

value	5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:50:11Z/

url

https://security.netapp.com/advisory/ntap-20240315-0002/

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-21890

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5afy-ud31-hbaw

url VCID-5cf7-va9h-h3gy

vulnerability_id VCID-5cf7-va9h-h3gy

summary

Improper Certificate Validation
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44531

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22783
published_at	2026-04-01T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22952
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22996
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22789
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22863
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22916
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22936
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22899
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22843
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22856
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1429694
reference_id
reference_type
scores
url	https://hackerone.com/reports/1429694

reference_url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/

reference_url	https://security.netapp.com/advisory/ntap-20220325-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220325-0007/

reference_url	https://www.debian.org/security/2022/dsa-5170
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5170

reference_url	https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040839
reference_id	2040839
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040839

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44531
reference_id	CVE-2021-44531
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44531

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.9~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-44531

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cf7-va9h-h3gy

url VCID-67xm-uc9p-y7f2

vulnerability_id VCID-67xm-uc9p-y7f2

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22020.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22020.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22020

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32867
published_at	2026-04-16T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32989
published_at	2026-04-04T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32811
published_at	2026-04-07T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32859
published_at	2026-04-08T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32888
published_at	2026-04-09T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32889
published_at	2026-04-11T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32851
published_at	2026-04-12T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32825
published_at	2026-04-13T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32954
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22020

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2092749

reference_id

2092749

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T03:55:30Z/

url

https://hackerone.com/reports/2092749

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2296417
reference_id	2296417
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2296417

reference_url

http://www.openwall.com/lists/oss-security/2024/07/19/3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T03:55:30Z/

url

http://www.openwall.com/lists/oss-security/2024/07/19/3

reference_url

http://www.openwall.com/lists/oss-security/2024/07/11/6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T03:55:30Z/

url

http://www.openwall.com/lists/oss-security/2024/07/11/6

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url	https://access.redhat.com/errata/RHSA-2024:5814
reference_id	RHSA-2024:5814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5814

reference_url	https://access.redhat.com/errata/RHSA-2024:5815
reference_id	RHSA-2024:5815
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5815

reference_url	https://access.redhat.com/errata/RHSA-2024:6147
reference_id	RHSA-2024:6147
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6147

reference_url	https://access.redhat.com/errata/RHSA-2024:6148
reference_id	RHSA-2024:6148
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6148

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.15.1%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-22020

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67xm-uc9p-y7f2

url VCID-6uyn-fy9v-c3gx

vulnerability_id VCID-6uyn-fy9v-c3gx

summary

Uncontrolled Resource Consumption
Node.js allows remote attackers to cause a denial of service.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7384.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7384.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7384

reference_id

reference_type

scores

value	0.0085
scoring_system	epss
scoring_elements	0.74915
published_at	2026-04-16T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.74888
published_at	2026-04-12T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.74879
published_at	2026-04-13T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.74836
published_at	2026-04-01T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.74838
published_at	2026-04-02T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.74867
published_at	2026-04-04T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.7484
published_at	2026-04-07T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.74873
published_at	2026-04-08T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.74886
published_at	2026-04-09T12:55:00Z

value	0.0085
scoring_system	epss
scoring_elements	0.7491
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7384

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7384
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7384

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:C

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/nodejs/node/issues/3138
reference_id
reference_type
scores
url	https://github.com/nodejs/node/issues/3138

reference_url	http://www.securityfocus.com/bid/101260
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101260

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1268791
reference_id	1268791
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1268791

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800580
reference_id	800580
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800580

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7384

reference_id

CVE-2015-7384

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7384

fixed_packages

url	pkg:deb/debian/nodejs@4.1.1~dfsg-3?distro=trixie
purl	pkg:deb/debian/nodejs@4.1.1~dfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.1.1~dfsg-3%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2015-7384

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6uyn-fy9v-c3gx

url VCID-7cth-47w2-17hy

vulnerability_id VCID-7cth-47w2-17hy

summary Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22940.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22940.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22940

reference_id

reference_type

scores

value	0.00386
scoring_system	epss
scoring_elements	0.59679
published_at	2026-04-01T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59834
published_at	2026-04-16T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59815
published_at	2026-04-12T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59797
published_at	2026-04-13T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59753
published_at	2026-04-02T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59777
published_at	2026-04-04T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59747
published_at	2026-04-07T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59799
published_at	2026-04-08T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59812
published_at	2026-04-09T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.59831
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22940

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1993029
reference_id	1993029
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1993029

reference_url

reference_id

AVG-2283

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json

reference_url	https://security.gentoo.org/glsa/202401-02
reference_id	GLSA-202401-02
reference_type
scores
url	https://security.gentoo.org/glsa/202401-02

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:3280
reference_id	RHSA-2021:3280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3280

reference_url	https://access.redhat.com/errata/RHSA-2021:3281
reference_id	RHSA-2021:3281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3281

reference_url	https://access.redhat.com/errata/RHSA-2021:3623
reference_id	RHSA-2021:3623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3623

reference_url	https://access.redhat.com/errata/RHSA-2021:3638
reference_id	RHSA-2021:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3638

reference_url	https://access.redhat.com/errata/RHSA-2021:3639
reference_id	RHSA-2021:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3639

reference_url	https://access.redhat.com/errata/RHSA-2021:3666
reference_id	RHSA-2021:3666
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3666

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.5~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.5~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.5~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22940

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7cth-47w2-17hy

url VCID-7nnu-jtjx-u3ff

vulnerability_id VCID-7nnu-jtjx-u3ff

summary Node.js: Permissions policies can be bypassed via process.mainModule

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23918

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05429
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05479
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05469
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05505
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05526
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.055
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05486
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05463
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23918

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id	1031834
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2171935
reference_id	2171935
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2171935

reference_url

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

reference_id

february-2023-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/

url

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

reference_url

https://security.netapp.com/advisory/ntap-20230316-0008/

reference_id

ntap-20230316-0008

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/

url

https://security.netapp.com/advisory/ntap-20230316-0008/

reference_url	https://access.redhat.com/errata/RHSA-2023:1533
reference_id	RHSA-2023:1533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1533

reference_url	https://access.redhat.com/errata/RHSA-2023:1582
reference_id	RHSA-2023:1582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1582

reference_url	https://access.redhat.com/errata/RHSA-2023:1583
reference_id	RHSA-2023:1583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1583

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:1743
reference_id	RHSA-2023:1743
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1743

reference_url	https://access.redhat.com/errata/RHSA-2023:1744
reference_id	RHSA-2023:1744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1744

reference_url	https://access.redhat.com/errata/RHSA-2023:2654
reference_id	RHSA-2023:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2654

reference_url	https://access.redhat.com/errata/RHSA-2023:2655
reference_id	RHSA-2023:2655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2655

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-2%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-23918

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nnu-jtjx-u3ff

url VCID-7tpb-9zrz-e7e1

vulnerability_id VCID-7tpb-9zrz-e7e1

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32212

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19983
published_at	2026-04-02T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20041
published_at	2026-04-04T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19768
published_at	2026-04-07T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19848
published_at	2026-04-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19901
published_at	2026-04-09T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19911
published_at	2026-04-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19867
published_at	2026-04-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19809
published_at	2026-04-13T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19782
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105422
reference_id	2105422
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105422

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6389
reference_id	RHSA-2022:6389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6389

reference_url	https://access.redhat.com/errata/RHSA-2022:6448
reference_id	RHSA-2022:6448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6448

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2022:6985
reference_id	RHSA-2022:6985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6985

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.6.0%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-32212

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-9zrz-e7e1

url VCID-7z51-jgw6-v7hr

vulnerability_id VCID-7z51-jgw6-v7hr

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32005.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32005.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32005

reference_id

reference_type

scores

value	0.01138
scoring_system	epss
scoring_elements	0.7835
published_at	2026-04-02T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78381
published_at	2026-04-04T12:55:00Z

value	0.01324
scoring_system	epss
scoring_elements	0.79929
published_at	2026-04-16T12:55:00Z

value	0.01324
scoring_system	epss
scoring_elements	0.79896
published_at	2026-04-08T12:55:00Z

value	0.01324
scoring_system	epss
scoring_elements	0.79904
published_at	2026-04-09T12:55:00Z

value	0.01324
scoring_system	epss
scoring_elements	0.79924
published_at	2026-04-11T12:55:00Z

value	0.01324
scoring_system	epss
scoring_elements	0.79908
published_at	2026-04-12T12:55:00Z

value	0.01324
scoring_system	epss
scoring_elements	0.799
published_at	2026-04-13T12:55:00Z

value	0.01324
scoring_system	epss
scoring_elements	0.79867
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32005

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2051224

reference_id

2051224

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:42Z/

url

https://hackerone.com/reports/2051224

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2230958
reference_id	2230958
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2230958

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://security.netapp.com/advisory/ntap-20231103-0004/

reference_id

ntap-20231103-0004

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:42Z/

url

https://security.netapp.com/advisory/ntap-20231103-0004/

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-32005

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7z51-jgw6-v7hr

url VCID-8c4g-fjsa-nkhw

vulnerability_id VCID-8c4g-fjsa-nkhw

summary

llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. The LF character (without CR) is sufficient to delimit HTTP header fields in the lihttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This can lead to HTTP Request Smuggling (HRS).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32214

reference_id

reference_type

scores

value	0.39294
scoring_system	epss
scoring_elements	0.97296
published_at	2026-04-16T12:55:00Z

value	0.45841
scoring_system	epss
scoring_elements	0.97612
published_at	2026-04-07T12:55:00Z

value	0.45841
scoring_system	epss
scoring_elements	0.97625
published_at	2026-04-13T12:55:00Z

value	0.45841
scoring_system	epss
scoring_elements	0.97624
published_at	2026-04-12T12:55:00Z

value	0.45841
scoring_system	epss
scoring_elements	0.97622
published_at	2026-04-11T12:55:00Z

value	0.45841
scoring_system	epss
scoring_elements	0.97619
published_at	2026-04-09T12:55:00Z

value	0.45841
scoring_system	epss
scoring_elements	0.97608
published_at	2026-04-02T12:55:00Z

value	0.45841
scoring_system	epss
scoring_elements	0.97611
published_at	2026-04-04T12:55:00Z

value	0.45841
scoring_system	epss
scoring_elements	0.97617
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://datatracker.ietf.org/doc/html/rfc7230#section-3

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://datatracker.ietf.org/doc/html/rfc7230#section-3

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb

reference_url

https://hackerone.com/reports/1524692

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1524692

reference_url

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases

reference_url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-32214

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-32214

reference_url

https://security.netapp.com/advisory/ntap-20220915-0001

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0001

reference_url	https://security.netapp.com/advisory/ntap-20220915-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0001/

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-q5vx-44v4-gch4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105428
reference_id	2105428
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105428

reference_url

reference_id

GHSA-q5vx-44v4-gch4

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q5vx-44v4-gch4

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6389
reference_id	RHSA-2022:6389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6389

reference_url	https://access.redhat.com/errata/RHSA-2022:6448
reference_id	RHSA-2022:6448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6448

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2022:6985
reference_id	RHSA-2022:6985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6985

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.6.0%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-32214, GHSA-q5vx-44v4-gch4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8c4g-fjsa-nkhw

url VCID-8m9d-ah96-d7cg

vulnerability_id VCID-8m9d-ah96-d7cg

summary

Multiple vulnerabilities have been found in Node.js, the worst of
    which can allow remote attackers to cause Denial of Service conditions.

references

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8027.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8027.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8027

reference_id

reference_type

scores

value	0.0139
scoring_system	epss
scoring_elements	0.80381
published_at	2026-04-16T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80351
published_at	2026-04-13T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80299
published_at	2026-04-01T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80307
published_at	2026-04-02T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80327
published_at	2026-04-04T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80315
published_at	2026-04-07T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80343
published_at	2026-04-08T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80354
published_at	2026-04-09T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80372
published_at	2026-04-11T12:55:00Z

value	0.0139
scoring_system	epss
scoring_elements	0.80358
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8027

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8027
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8027

reference_url	https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/

reference_url	https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/

reference_url	http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524
reference_id
reference_type
scores
url	http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524

reference_url	http://www-01.ibm.com/support/docview.wss?uid=swg21972419
reference_id
reference_type
scores
url	http://www-01.ibm.com/support/docview.wss?uid=swg21972419

reference_url	http://www.securityfocus.com/bid/78207
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/78207

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1285771
reference_id	1285771
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1285771

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385
reference_id	806385
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8027

reference_id

CVE-2015-8027

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8027

reference_url	https://security.gentoo.org/glsa/201612-43
reference_id	GLSA-201612-43
reference_type
scores
url	https://security.gentoo.org/glsa/201612-43

fixed_packages

url	pkg:deb/debian/nodejs@4.2.3~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@4.2.3~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.2.3~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2015-8027

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m9d-ah96-d7cg

url VCID-8myg-sjwy-yqfp

vulnerability_id VCID-8myg-sjwy-yqfp

summary Node.js: OpenSSL error handling issues in nodejs crypto library

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23919

reference_id

reference_type

scores

value	0.00508
scoring_system	epss
scoring_elements	0.66318
published_at	2026-04-16T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68536
published_at	2026-04-07T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68588
published_at	2026-04-13T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68618
published_at	2026-04-12T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.6863
published_at	2026-04-11T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68605
published_at	2026-04-09T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68587
published_at	2026-04-08T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.71716
published_at	2026-04-02T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.71735
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23919

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id	1031834
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834

reference_url

https://hackerone.com/reports/1808596

reference_id

1808596

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/

url

https://hackerone.com/reports/1808596

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2172170
reference_id	2172170
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2172170

reference_url

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

reference_id

february-2023-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/

url

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

reference_url

https://security.netapp.com/advisory/ntap-20230316-0008/

reference_id

ntap-20230316-0008

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/

url

https://security.netapp.com/advisory/ntap-20230316-0008/

reference_url	https://access.redhat.com/errata/RHSA-2023:1582
reference_id	RHSA-2023:1582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1582

reference_url	https://access.redhat.com/errata/RHSA-2023:1583
reference_id	RHSA-2023:1583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1583

reference_url	https://access.redhat.com/errata/RHSA-2023:2654
reference_id	RHSA-2023:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2654

reference_url	https://usn.ubuntu.com/6672-1/
reference_id	USN-6672-1
reference_type
scores
url	https://usn.ubuntu.com/6672-1/

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
purl	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-23919

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8myg-sjwy-yqfp

url VCID-8qmf-bwmg-5bar

vulnerability_id VCID-8qmf-bwmg-5bar

summary nodejs: Unitialized buffer due to incorrect encoding

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15897.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15897.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15897

reference_id

reference_type

scores

value	0.00492
scoring_system	epss
scoring_elements	0.65552
published_at	2026-04-01T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65596
published_at	2026-04-07T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.656
published_at	2026-04-02T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.6563
published_at	2026-04-04T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65648
published_at	2026-04-08T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70643
published_at	2026-04-11T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70659
published_at	2026-04-16T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.7062
published_at	2026-04-09T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70628
published_at	2026-04-12T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70614
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15897

reference_url	https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1532534
reference_id	1532534
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1532534

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15897

reference_id

CVE-2017-15897

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15897

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2017-15897

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qmf-bwmg-5bar

url VCID-9g7s-y7nq-xfbb

vulnerability_id VCID-9g7s-y7nq-xfbb

summary Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22939.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22939.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22939

reference_id

reference_type

scores

value	0.00124
scoring_system	epss
scoring_elements	0.31612
published_at	2026-04-01T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.3165
published_at	2026-04-16T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31653
published_at	2026-04-12T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31617
published_at	2026-04-13T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31744
published_at	2026-04-02T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31788
published_at	2026-04-04T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31607
published_at	2026-04-07T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.3166
published_at	2026-04-08T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31689
published_at	2026-04-09T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31693
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22939

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1993039
reference_id	1993039
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1993039

reference_url

reference_id

AVG-2283

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json

reference_url	https://security.gentoo.org/glsa/202401-02
reference_id	GLSA-202401-02
reference_type
scores
url	https://security.gentoo.org/glsa/202401-02

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:3280
reference_id	RHSA-2021:3280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3280

reference_url	https://access.redhat.com/errata/RHSA-2021:3281
reference_id	RHSA-2021:3281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3281

reference_url	https://access.redhat.com/errata/RHSA-2021:3623
reference_id	RHSA-2021:3623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3623

reference_url	https://access.redhat.com/errata/RHSA-2021:3638
reference_id	RHSA-2021:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3638

reference_url	https://access.redhat.com/errata/RHSA-2021:3639
reference_id	RHSA-2021:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3639

reference_url	https://access.redhat.com/errata/RHSA-2021:3666
reference_id	RHSA-2021:3666
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3666

fixed_packages

url	pkg:deb/debian/nodejs@12.22.5~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.5~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.5~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22939

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9g7s-y7nq-xfbb

url VCID-9hzg-r1fj-pubf

vulnerability_id VCID-9hzg-r1fj-pubf

summary Excessive CPU usage in HTTP/2 with priority changes

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9513

reference_id

reference_type

scores

value	0.06705
scoring_system	epss
scoring_elements	0.91201
published_at	2026-04-01T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.91275
published_at	2026-04-16T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.91235
published_at	2026-04-08T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.91241
published_at	2026-04-09T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.91248
published_at	2026-04-11T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.91251
published_at	2026-04-12T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.9125
published_at	2026-04-13T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.91206
published_at	2026-04-02T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.91215
published_at	2026-04-04T12:55:00Z

value	0.06705
scoring_system	epss
scoring_elements	0.91221
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

reference_id

reference_type

scores

value	low
scoring_system	generic_textual
scoring_elements

url

https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1735741
reference_id	1735741
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1735741

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885
reference_id	934885
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037
reference_id	935037
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037

reference_url	https://security.archlinux.org/ASA-201908-12
reference_id	ASA-201908-12
reference_type
scores
url	https://security.archlinux.org/ASA-201908-12

reference_url	https://security.archlinux.org/ASA-201908-13
reference_id	ASA-201908-13
reference_type
scores
url	https://security.archlinux.org/ASA-201908-13

reference_url	https://security.archlinux.org/ASA-201908-17
reference_id	ASA-201908-17
reference_type
scores
url	https://security.archlinux.org/ASA-201908-17

reference_url

reference_id

AVG-1022

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1023

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1024

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-9513
reference_id	CVE-2019-9513
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-9513

reference_url	https://access.redhat.com/errata/RHSA-2019:2692
reference_id	RHSA-2019:2692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2692

reference_url	https://access.redhat.com/errata/RHSA-2019:2745
reference_id	RHSA-2019:2745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2745

reference_url	https://access.redhat.com/errata/RHSA-2019:2746
reference_id	RHSA-2019:2746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2746

reference_url	https://access.redhat.com/errata/RHSA-2019:2775
reference_id	RHSA-2019:2775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2775

reference_url	https://access.redhat.com/errata/RHSA-2019:2799
reference_id	RHSA-2019:2799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2799

reference_url	https://access.redhat.com/errata/RHSA-2019:2946
reference_id	RHSA-2019:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2946

reference_url	https://access.redhat.com/errata/RHSA-2019:2949
reference_id	RHSA-2019:2949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2949

reference_url	https://access.redhat.com/errata/RHSA-2019:3041
reference_id	RHSA-2019:3041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3041

reference_url	https://access.redhat.com/errata/RHSA-2019:3932
reference_id	RHSA-2019:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3932

reference_url	https://access.redhat.com/errata/RHSA-2019:3933
reference_id	RHSA-2019:3933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3933

reference_url	https://access.redhat.com/errata/RHSA-2019:3935
reference_id	RHSA-2019:3935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3935

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

reference_url	https://usn.ubuntu.com/4099-1/
reference_id	USN-4099-1
reference_type
scores
url	https://usn.ubuntu.com/4099-1/

reference_url	https://usn.ubuntu.com/6754-1/
reference_id	USN-6754-1
reference_type
scores
url	https://usn.ubuntu.com/6754-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.16.3~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2019-9513

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf

url VCID-9tvd-qsp8-byfx

vulnerability_id VCID-9tvd-qsp8-byfx

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5739

reference_id

reference_type

scores

value	0.00312
scoring_system	epss
scoring_elements	0.54291
published_at	2026-04-01T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54411
published_at	2026-04-16T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54412
published_at	2026-04-11T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54394
published_at	2026-04-12T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54372
published_at	2026-04-13T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54311
published_at	2026-04-02T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54341
published_at	2026-04-04T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54316
published_at	2026-04-07T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54368
published_at	2026-04-08T12:55:00Z

value	0.00312
scoring_system	epss
scoring_elements	0.54363
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5739

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

reference_url	https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202003-48

reference_url	https://security.netapp.com/advisory/ntap-20190502-0008/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190502-0008/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1690798
reference_id	1690798
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1690798

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5739

reference_id

CVE-2019-5739

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5739

fixed_packages

url	pkg:deb/debian/nodejs@8.9.3~dfsg-5?distro=trixie
purl	pkg:deb/debian/nodejs@8.9.3~dfsg-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@8.9.3~dfsg-5%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2019-5739

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9tvd-qsp8-byfx

url VCID-9uux-1n93-4kcs

vulnerability_id VCID-9uux-1n93-4kcs

summary nodejs: Unintentional exposure of uninitialized memory

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7166.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7166.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7166

reference_id

reference_type

scores

value	0.0086
scoring_system	epss
scoring_elements	0.74986
published_at	2026-04-01T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.74989
published_at	2026-04-02T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75018
published_at	2026-04-04T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.74995
published_at	2026-04-07T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75029
published_at	2026-04-08T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.7504
published_at	2026-04-09T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75062
published_at	2026-04-11T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75041
published_at	2026-04-12T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75031
published_at	2026-04-13T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75068
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7166

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1620215
reference_id	1620215
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1620215

reference_url	https://access.redhat.com/errata/RHSA-2018:2553
reference_id	RHSA-2018:2553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2553

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-7166

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uux-1n93-4kcs

url VCID-9v22-ened-4bg2

vulnerability_id VCID-9v22-ened-4bg2

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12123

reference_id

reference_type

scores

value	0.04555
scoring_system	epss
scoring_elements	0.89144
published_at	2026-04-01T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89151
published_at	2026-04-02T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89166
published_at	2026-04-04T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89169
published_at	2026-04-07T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89187
published_at	2026-04-08T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89192
published_at	2026-04-09T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89202
published_at	2026-04-11T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89198
published_at	2026-04-12T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89195
published_at	2026-04-13T12:55:00Z

value	0.04555
scoring_system	epss
scoring_elements	0.89208
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12123

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661010
reference_id	1661010
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661010

reference_url	https://usn.ubuntu.com/USN-4796-1/
reference_id	USN-USN-4796-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4796-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-12123

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v22-ened-4bg2

url VCID-9yq7-aba3-c7c3

vulnerability_id VCID-9yq7-aba3-c7c3

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32559

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.1888
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18885
published_at	2026-04-07T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18963
published_at	2026-04-08T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19017
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19024
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18977
published_at	2026-04-12T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18926
published_at	2026-04-13T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19169
published_at	2026-04-04T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22427
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32559

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739
reference_id	1050739
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739

reference_url

https://hackerone.com/reports/1946470

reference_id

1946470

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/

url

https://hackerone.com/reports/1946470

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2230956
reference_id	2230956
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2230956

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://security.netapp.com/advisory/ntap-20231006-0006/

reference_id

ntap-20231006-0006

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/

url

https://security.netapp.com/advisory/ntap-20231006-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:5360
reference_id	RHSA-2023:5360
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5360

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5362
reference_id	RHSA-2023:5362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5362

reference_url	https://access.redhat.com/errata/RHSA-2023:5363
reference_id	RHSA-2023:5363
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5363

reference_url	https://access.redhat.com/errata/RHSA-2023:5532
reference_id	RHSA-2023:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5532

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6822-1/
reference_id	USN-6822-1
reference_type
scores
url	https://usn.ubuntu.com/6822-1/

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
purl	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-32559

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9yq7-aba3-c7c3

url VCID-a7mj-p1d7-h3cv

vulnerability_id VCID-a7mj-p1d7-h3cv

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39331.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39331.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39331

reference_id

reference_type

scores

value	0.00719
scoring_system	epss
scoring_elements	0.72413
published_at	2026-04-02T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72497
published_at	2026-04-16T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72447
published_at	2026-04-08T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.7246
published_at	2026-04-09T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72483
published_at	2026-04-11T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72465
published_at	2026-04-12T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72455
published_at	2026-04-13T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72431
published_at	2026-04-04T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72408
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39331

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2092852

reference_id

2092852

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-13T15:17:01Z/

url

https://hackerone.com/reports/2092852

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2244413
reference_id	2244413
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2244413

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20231116-0009/

reference_id

ntap-20231116-0009

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-13T15:17:01Z/

url

https://security.netapp.com/advisory/ntap-20231116-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:7205
reference_id	RHSA-2023:7205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7205

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-39331

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7mj-p1d7-h3cv

url VCID-ap4u-dkwx-1kb3

vulnerability_id VCID-ap4u-dkwx-1kb3

summary Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22931

reference_id

reference_type

scores

value	0.00662
scoring_system	epss
scoring_elements	0.71095
published_at	2026-04-01T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71189
published_at	2026-04-16T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71104
published_at	2026-04-02T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71122
published_at	2026-04-04T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71097
published_at	2026-04-07T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71139
published_at	2026-04-08T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71151
published_at	2026-04-09T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71175
published_at	2026-04-11T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.7116
published_at	2026-04-12T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71143
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22931

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1178337

reference_id

1178337

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/

url

https://hackerone.com/reports/1178337

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1993019
reference_id	1993019
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1993019

reference_url

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/

reference_id

aug-2021-security-releases

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/

url

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/

reference_url

https://security.archlinux.org/AVG-2286

reference_id

AVG-2286

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2286

reference_url

https://security.gentoo.org/glsa/202401-02

reference_id

GLSA-202401-02

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/

url

https://security.gentoo.org/glsa/202401-02

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://security.netapp.com/advisory/ntap-20210923-0001/

reference_id

ntap-20210923-0001

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/

url

https://security.netapp.com/advisory/ntap-20210923-0001/

reference_url

https://security.netapp.com/advisory/ntap-20211022-0003/

reference_id

ntap-20211022-0003

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/

url

https://security.netapp.com/advisory/ntap-20211022-0003/

reference_url	https://access.redhat.com/errata/RHSA-2021:3280
reference_id	RHSA-2021:3280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3280

reference_url	https://access.redhat.com/errata/RHSA-2021:3281
reference_id	RHSA-2021:3281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3281

reference_url	https://access.redhat.com/errata/RHSA-2021:3623
reference_id	RHSA-2021:3623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3623

reference_url	https://access.redhat.com/errata/RHSA-2021:3638
reference_id	RHSA-2021:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3638

reference_url	https://access.redhat.com/errata/RHSA-2021:3639
reference_id	RHSA-2021:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3639

reference_url	https://access.redhat.com/errata/RHSA-2021:3666
reference_id	RHSA-2021:3666
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3666

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22931

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap4u-dkwx-1kb3

url VCID-apbs-8ge7-dyg3

vulnerability_id VCID-apbs-8ge7-dyg3

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21896.json

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21896.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21896

reference_id

reference_type

scores

value	0.01642
scoring_system	epss
scoring_elements	0.81989
published_at	2026-04-16T12:55:00Z

value	0.01642
scoring_system	epss
scoring_elements	0.81921
published_at	2026-04-04T12:55:00Z

value	0.01642
scoring_system	epss
scoring_elements	0.81917
published_at	2026-04-07T12:55:00Z

value	0.01642
scoring_system	epss
scoring_elements	0.81943
published_at	2026-04-08T12:55:00Z

value	0.01642
scoring_system	epss
scoring_elements	0.81951
published_at	2026-04-09T12:55:00Z

value	0.01642
scoring_system	epss
scoring_elements	0.81971
published_at	2026-04-11T12:55:00Z

value	0.01642
scoring_system	epss
scoring_elements	0.81959
published_at	2026-04-12T12:55:00Z

value	0.01642
scoring_system	epss
scoring_elements	0.81954
published_at	2026-04-13T12:55:00Z

value	0.01642
scoring_system	epss
scoring_elements	0.81898
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21896

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2218653

reference_id

2218653

reference_type

scores

value	7.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/CR:M/IR:M/AR:M

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-12T04:00:41Z/

url

https://hackerone.com/reports/2218653

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2265717
reference_id	2265717
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2265717

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20240329-0002/

reference_id

ntap-20240329-0002

reference_type

scores

value	7.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/CR:M/IR:M/AR:M

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-12T04:00:41Z/

url

https://security.netapp.com/advisory/ntap-20240329-0002/

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-21896

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-apbs-8ge7-dyg3

url VCID-atyy-fepb-6yge

vulnerability_id VCID-atyy-fepb-6yge

summary

Multiple vulnerabilities have been found in Node.js, the worst of
    which can allow remote attackers to cause Denial of Service conditions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5325.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5325.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5325

reference_id

reference_type

scores

value	0.00985
scoring_system	epss
scoring_elements	0.76765
published_at	2026-04-01T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76769
published_at	2026-04-02T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76798
published_at	2026-04-04T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76779
published_at	2026-04-07T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.7681
published_at	2026-04-08T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.7682
published_at	2026-04-09T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76849
published_at	2026-04-11T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76829
published_at	2026-04-12T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76822
published_at	2026-04-13T12:55:00Z

value	0.00985
scoring_system	epss
scoring_elements	0.76865
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5325

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1346910
reference_id	1346910
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1346910

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714
reference_id	839714
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714

reference_url	https://security.gentoo.org/glsa/201612-43
reference_id	GLSA-201612-43
reference_type
scores
url	https://security.gentoo.org/glsa/201612-43

reference_url	https://access.redhat.com/errata/RHSA-2017:0002
reference_id	RHSA-2017:0002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0002

fixed_packages

url	pkg:deb/debian/nodejs@4.6.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@4.6.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.6.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2016-5325

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atyy-fepb-6yge

url VCID-b1vd-c8xt-dqc6

vulnerability_id VCID-b1vd-c8xt-dqc6

summary Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-36138

reference_id

reference_type

scores

value	0.00261
scoring_system	epss
scoring_elements	0.49476
published_at	2026-04-16T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49428
published_at	2026-04-12T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.4943
published_at	2026-04-13T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49409
published_at	2026-04-02T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49436
published_at	2026-04-04T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49389
published_at	2026-04-07T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49444
published_at	2026-04-08T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49439
published_at	2026-04-09T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49457
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-36138

reference_url

https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

reference_id

july-2024-security-releases

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T17:53:28Z/

url

https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-36138

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1vd-c8xt-dqc6

url VCID-b54b-pd2b-bygm

vulnerability_id VCID-b54b-pd2b-bygm

summary

llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

Impacts:

- All versions of the nodejs 18.x, 16.x, and 14.x releases lines.
- llhttp v6.0.7 and llhttp v2.1.5 contains the fixes that were updated inside Node.js

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32213

reference_id

reference_type

scores

value	0.88458
scoring_system	epss
scoring_elements	0.99504
published_at	2026-04-16T12:55:00Z

value	0.89626
scoring_system	epss
scoring_elements	0.99561
published_at	2026-04-13T12:55:00Z

value	0.89626
scoring_system	epss
scoring_elements	0.9956
published_at	2026-04-12T12:55:00Z

value	0.89626
scoring_system	epss
scoring_elements	0.99559
published_at	2026-04-07T12:55:00Z

value	0.89626
scoring_system	epss
scoring_elements	0.99558
published_at	2026-04-04T12:55:00Z

value	0.89626
scoring_system	epss
scoring_elements	0.99557
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32213

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb

reference_url

https://hackerone.com/reports/1524555

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1524555

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/

reference_url

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases

reference_url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-32213

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-32213

reference_url

https://security.netapp.com/advisory/ntap-20220915-0001

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0001

reference_url	https://security.netapp.com/advisory/ntap-20220915-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0001/

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-5689-v88g-g6rv

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105430
reference_id	2105430
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105430

reference_url

reference_id

GHSA-5689-v88g-g6rv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5689-v88g-g6rv

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6389
reference_id	RHSA-2022:6389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6389

reference_url	https://access.redhat.com/errata/RHSA-2022:6448
reference_id	RHSA-2022:6448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6448

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2022:6985
reference_id	RHSA-2022:6985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6985

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.6.0%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-32213, GHSA-5689-v88g-g6rv

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b54b-pd2b-bygm

url VCID-b7hq-5yyx-tuhs

vulnerability_id VCID-b7hq-5yyx-tuhs

summary Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22921

reference_id

reference_type

scores

value	0.00527
scoring_system	epss
scoring_elements	0.67152
published_at	2026-04-16T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67048
published_at	2026-04-01T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67085
published_at	2026-04-02T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67109
published_at	2026-04-04T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67083
published_at	2026-04-07T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67133
published_at	2026-04-08T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67145
published_at	2026-04-09T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67164
published_at	2026-04-11T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.6715
published_at	2026-04-12T12:55:00Z

value	0.00527
scoring_system	epss
scoring_elements	0.67119
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22921

reference_url

https://security.archlinux.org/AVG-2130

reference_id

AVG-2130

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2130

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22921

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7hq-5yyx-tuhs

url VCID-bx67-aud6-b3fa

vulnerability_id VCID-bx67-aud6-b3fa

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22025

reference_id

reference_type

scores

value	0.0043
scoring_system	epss
scoring_elements	0.62515
published_at	2026-04-04T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62483
published_at	2026-04-02T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70404
published_at	2026-04-08T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70415
published_at	2026-04-13T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70429
published_at	2026-04-12T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70444
published_at	2026-04-11T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70457
published_at	2026-04-16T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.7042
published_at	2026-04-09T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70359
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22025

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270559
reference_id	2270559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270559

reference_url

https://hackerone.com/reports/2284065

reference_id

2284065

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/

url

https://hackerone.com/reports/2284065

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html

reference_id

msg00029.html

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html

reference_url

https://security.netapp.com/advisory/ntap-20240517-0008/

reference_id

ntap-20240517-0008

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/

url

https://security.netapp.com/advisory/ntap-20240517-0008/

reference_url	https://access.redhat.com/errata/RHSA-2024:2778
reference_id	RHSA-2024:2778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2778

reference_url	https://access.redhat.com/errata/RHSA-2024:2779
reference_id	RHSA-2024:2779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2779

reference_url	https://access.redhat.com/errata/RHSA-2024:2780
reference_id	RHSA-2024:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2780

reference_url	https://access.redhat.com/errata/RHSA-2024:2853
reference_id	RHSA-2024:2853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2853

reference_url	https://access.redhat.com/errata/RHSA-2024:2910
reference_id	RHSA-2024:2910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2910

reference_url	https://access.redhat.com/errata/RHSA-2024:4559
reference_id	RHSA-2024:4559
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4559

reference_url	https://access.redhat.com/errata/RHSA-2024:4721
reference_id	RHSA-2024:4721
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4721

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-22025

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bx67-aud6-b3fa

url VCID-c8xz-v6h3-6ueb

vulnerability_id VCID-c8xz-v6h3-6ueb

summary nodejs: libuv: Out-of-Bounds Access Due to Inconsistent off_t Size in libuv and Node.js Build on i386

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47153

reference_id

reference_type

scores

value	0.00692
scoring_system	epss
scoring_elements	0.71787
published_at	2026-04-02T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71861
published_at	2026-04-16T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71805
published_at	2026-04-04T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71779
published_at	2026-04-07T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71818
published_at	2026-04-08T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71829
published_at	2026-04-09T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71854
published_at	2026-04-11T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71837
published_at	2026-04-12T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71819
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2363236
reference_id	2363236
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2363236

reference_url

https://github.com/nodejs/node-v0.x-archive/issues/4549

reference_id

4549

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/

url

https://github.com/nodejs/node-v0.x-archive/issues/4549

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350

reference_id

bugreport.cgi?bug=1076350

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075

reference_id

bugreport.cgi?bug=922075

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=892601

reference_id

show_bug.cgi?id=892601

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=892601

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u7?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u7%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.0%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.0%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.0%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-47153

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8xz-v6h3-6ueb

url VCID-cjrh-xgy5-63ga

vulnerability_id VCID-cjrh-xgy5-63ga

summary

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. 

This vulnerability affects Windows users of `path.join` API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27210

reference_id

reference_type

scores

value	0.03967
scoring_system	epss
scoring_elements	0.88393
published_at	2026-04-16T12:55:00Z

value	0.07107
scoring_system	epss
scoring_elements	0.91498
published_at	2026-04-02T12:55:00Z

value	0.09232
scoring_system	epss
scoring_elements	0.92698
published_at	2026-04-07T12:55:00Z

value	0.09232
scoring_system	epss
scoring_elements	0.92712
published_at	2026-04-09T12:55:00Z

value	0.09232
scoring_system	epss
scoring_elements	0.92718
published_at	2026-04-11T12:55:00Z

value	0.09232
scoring_system	epss
scoring_elements	0.92717
published_at	2026-04-13T12:55:00Z

value	0.09232
scoring_system	epss
scoring_elements	0.92699
published_at	2026-04-04T12:55:00Z

value	0.09232
scoring_system	epss
scoring_elements	0.92708
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27210

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/remote/52369.py
reference_id	CVE-2025-27210
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/remote/52369.py

reference_url

https://nodejs.org/en/blog/vulnerability/july-2025-security-releases

reference_id

july-2025-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-21T17:11:02Z/

url

https://nodejs.org/en/blog/vulnerability/july-2025-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-27210

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjrh-xgy5-63ga

url VCID-d8nf-t1fb-2uad

vulnerability_id VCID-d8nf-t1fb-2uad

summary

Multiple vulnerabilities have been found in Node.js, the worst of
    which can allow remote attackers to cause Denial of Service conditions.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2086.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2086.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2086

reference_id

reference_type

scores

value	0.00482
scoring_system	epss
scoring_elements	0.65188
published_at	2026-04-16T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.6518
published_at	2026-04-12T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.65153
published_at	2026-04-13T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.6507
published_at	2026-04-01T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.6512
published_at	2026-04-02T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.65147
published_at	2026-04-04T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.65112
published_at	2026-04-07T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.65162
published_at	2026-04-08T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.65174
published_at	2026-04-09T12:55:00Z

value	0.00482
scoring_system	epss
scoring_elements	0.65193
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2086

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/

reference_url	http://www.securityfocus.com/bid/83282
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/83282

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1306200
reference_id	1306200
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1306200

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.34:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.35:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.36:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.37:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.38:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.39:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.40:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.41:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.10.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:0.12.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:5.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2086

reference_id

CVE-2016-2086

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2086

reference_url	https://security.gentoo.org/glsa/201612-43
reference_id	GLSA-201612-43
reference_type
scores
url	https://security.gentoo.org/glsa/201612-43

fixed_packages

url	pkg:deb/debian/nodejs@4.3.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@4.3.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.3.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2016-2086

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8nf-t1fb-2uad

url VCID-dfdy-vhdd-5kh4

vulnerability_id VCID-dfdy-vhdd-5kh4

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35256

reference_id

reference_type

scores

value	0.03945
scoring_system	epss
scoring_elements	0.88301
published_at	2026-04-02T12:55:00Z

value	0.03945
scoring_system	epss
scoring_elements	0.88361
published_at	2026-04-16T12:55:00Z

value	0.03945
scoring_system	epss
scoring_elements	0.88315
published_at	2026-04-04T12:55:00Z

value	0.03945
scoring_system	epss
scoring_elements	0.8832
published_at	2026-04-07T12:55:00Z

value	0.03945
scoring_system	epss
scoring_elements	0.88339
published_at	2026-04-08T12:55:00Z

value	0.03945
scoring_system	epss
scoring_elements	0.88346
published_at	2026-04-09T12:55:00Z

value	0.03945
scoring_system	epss
scoring_elements	0.88356
published_at	2026-04-11T12:55:00Z

value	0.03945
scoring_system	epss
scoring_elements	0.88348
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1675191

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/

url

https://hackerone.com/reports/1675191

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2130518
reference_id	2130518
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2130518

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-35256
reference_id	CVE-2022-35256
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-35256

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6963
reference_id	RHSA-2022:6963
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6963

reference_url	https://access.redhat.com/errata/RHSA-2022:6964
reference_id	RHSA-2022:6964
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6964

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7821
reference_id	RHSA-2022:7821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7821

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2023:0321
reference_id	RHSA-2023:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0321

reference_url	https://access.redhat.com/errata/RHSA-2023:1533
reference_id	RHSA-2023:1533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1533

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.10.0%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.10.0%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.10.0%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-35256

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdy-vhdd-5kh4

url VCID-dmv4-ydq9-a7eq

vulnerability_id VCID-dmv4-ydq9-a7eq

summary Excessive CPU usage in HTTP/2 with small window updates

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9511

reference_id

reference_type

scores

value	0.13948
scoring_system	epss
scoring_elements	0.94283
published_at	2026-04-01T12:55:00Z

value	0.13948
scoring_system	epss
scoring_elements	0.94339
published_at	2026-04-16T12:55:00Z

value	0.13948
scoring_system	epss
scoring_elements	0.94304
published_at	2026-04-07T12:55:00Z

value	0.13948
scoring_system	epss
scoring_elements	0.94313
published_at	2026-04-08T12:55:00Z

value	0.13948
scoring_system	epss
scoring_elements	0.94318
published_at	2026-04-09T12:55:00Z

value	0.13948
scoring_system	epss
scoring_elements	0.94322
published_at	2026-04-12T12:55:00Z

value	0.13948
scoring_system	epss
scoring_elements	0.94324
published_at	2026-04-13T12:55:00Z

value	0.13948
scoring_system	epss
scoring_elements	0.94292
published_at	2026-04-02T12:55:00Z

value	0.13948
scoring_system	epss
scoring_elements	0.94302
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

reference_id

reference_type

scores

value	medium
scoring_system	generic_textual
scoring_elements

url

https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1741860
reference_id	1741860
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1741860

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885
reference_id	934885
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037
reference_id	935037
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037

reference_url	https://security.archlinux.org/ASA-201908-12
reference_id	ASA-201908-12
reference_type
scores
url	https://security.archlinux.org/ASA-201908-12

reference_url	https://security.archlinux.org/ASA-201908-13
reference_id	ASA-201908-13
reference_type
scores
url	https://security.archlinux.org/ASA-201908-13

reference_url	https://security.archlinux.org/ASA-201908-17
reference_id	ASA-201908-17
reference_type
scores
url	https://security.archlinux.org/ASA-201908-17

reference_url

reference_id

AVG-1022

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1023

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1024

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-9511
reference_id	CVE-2019-9511
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-9511

reference_url	https://access.redhat.com/errata/RHSA-2019:2692
reference_id	RHSA-2019:2692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2692

reference_url	https://access.redhat.com/errata/RHSA-2019:2745
reference_id	RHSA-2019:2745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2745

reference_url	https://access.redhat.com/errata/RHSA-2019:2746
reference_id	RHSA-2019:2746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2746

reference_url	https://access.redhat.com/errata/RHSA-2019:2775
reference_id	RHSA-2019:2775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2775

reference_url	https://access.redhat.com/errata/RHSA-2019:2799
reference_id	RHSA-2019:2799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2799

reference_url	https://access.redhat.com/errata/RHSA-2019:2946
reference_id	RHSA-2019:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2946

reference_url	https://access.redhat.com/errata/RHSA-2019:2949
reference_id	RHSA-2019:2949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2949

reference_url	https://access.redhat.com/errata/RHSA-2019:3041
reference_id	RHSA-2019:3041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3041

reference_url	https://access.redhat.com/errata/RHSA-2019:3932
reference_id	RHSA-2019:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3932

reference_url	https://access.redhat.com/errata/RHSA-2019:3933
reference_id	RHSA-2019:3933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3933

reference_url	https://access.redhat.com/errata/RHSA-2019:3935
reference_id	RHSA-2019:3935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3935

reference_url	https://access.redhat.com/errata/RHSA-2020:0922
reference_id	RHSA-2020:0922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0922

reference_url	https://access.redhat.com/errata/RHSA-2020:1445
reference_id	RHSA-2020:1445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1445

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2565
reference_id	RHSA-2020:2565
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2565

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2024:5856
reference_id	RHSA-2024:5856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5856

reference_url	https://usn.ubuntu.com/4099-1/
reference_id	USN-4099-1
reference_type
scores
url	https://usn.ubuntu.com/4099-1/

reference_url	https://usn.ubuntu.com/6754-1/
reference_id	USN-6754-1
reference_type
scores
url	https://usn.ubuntu.com/6754-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.16.3~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2019-9511

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq

url VCID-e18p-c3m9-2qgy

vulnerability_id VCID-e18p-c3m9-2qgy

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44532

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32731
published_at	2026-04-01T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32862
published_at	2026-04-02T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32897
published_at	2026-04-04T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32718
published_at	2026-04-07T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32765
published_at	2026-04-08T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32792
published_at	2026-04-09T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32794
published_at	2026-04-11T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32756
published_at	2026-04-12T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.3273
published_at	2026-04-13T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32771
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040846
reference_id	2040846
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040846

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.9~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-44532

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e18p-c3m9-2qgy

url VCID-e6gj-fe31-kkh5

vulnerability_id VCID-e6gj-fe31-kkh5

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46809

reference_id

reference_type

scores

value	0.01239
scoring_system	epss
scoring_elements	0.79194
published_at	2026-04-02T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79259
published_at	2026-04-16T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.7926
published_at	2026-04-11T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79244
published_at	2026-04-12T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79232
published_at	2026-04-13T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79218
published_at	2026-04-04T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79203
published_at	2026-04-07T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79228
published_at	2026-04-08T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79236
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055
reference_id	1064055
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2264569
reference_id	2264569
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2264569

reference_url

https://nodejs.org/en/blog/vulnerability/february-2024-security-releases

reference_id

february-2024-security-releases

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T17:40:41Z/

url

https://nodejs.org/en/blog/vulnerability/february-2024-security-releases

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url	https://access.redhat.com/errata/RHSA-2024:1503
reference_id	RHSA-2024:1503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1503

reference_url	https://access.redhat.com/errata/RHSA-2024:1510
reference_id	RHSA-2024:1510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1510

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

reference_url	https://access.redhat.com/errata/RHSA-2024:1880
reference_id	RHSA-2024:1880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1880

reference_url	https://access.redhat.com/errata/RHSA-2024:1932
reference_id	RHSA-2024:1932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1932

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-46809

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6gj-fe31-kkh5

url VCID-e7u5-356v-jbg7

vulnerability_id VCID-e7u5-356v-jbg7

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30590

reference_id

reference_type

scores

value	0.00954
scoring_system	epss
scoring_elements	0.76361
published_at	2026-04-02T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76391
published_at	2026-04-04T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76373
published_at	2026-04-07T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76405
published_at	2026-04-08T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.7642
published_at	2026-04-09T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76445
published_at	2026-04-11T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76423
published_at	2026-04-12T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76418
published_at	2026-04-13T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76459
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30590

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990
reference_id	1039990
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219842
reference_id	2219842
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219842

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2023:4330
reference_id	RHSA-2023:4330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4330

reference_url	https://access.redhat.com/errata/RHSA-2023:4331
reference_id	RHSA-2023:4331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4331

reference_url	https://access.redhat.com/errata/RHSA-2023:4536
reference_id	RHSA-2023:4536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4536

reference_url	https://access.redhat.com/errata/RHSA-2023:4537
reference_id	RHSA-2023:4537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4537

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6735-1/
reference_id	USN-6735-1
reference_type
scores
url	https://usn.ubuntu.com/6735-1/

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
purl	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30590

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7u5-356v-jbg7

url VCID-ec66-gwvw-kucs

vulnerability_id VCID-ec66-gwvw-kucs

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30587.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30587.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30587

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02564
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02562
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02579
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02577
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02578
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02582
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02587
published_at	2026-04-08T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02608
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02591
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30587

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219831
reference_id	2219831
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219831

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

reference_id

june-2023-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:23:12Z/

url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30587

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec66-gwvw-kucs

url VCID-enz6-qdn6-dkgm

vulnerability_id VCID-enz6-qdn6-dkgm

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38552.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38552.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38552

reference_id

reference_type

scores

value	0.00397
scoring_system	epss
scoring_elements	0.6041
published_at	2026-04-02T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60499
published_at	2026-04-16T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60437
published_at	2026-04-04T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60405
published_at	2026-04-07T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60454
published_at	2026-04-08T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.6047
published_at	2026-04-09T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.6049
published_at	2026-04-11T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60477
published_at	2026-04-12T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60457
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38552

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892
reference_id	1054892
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892

reference_url

https://hackerone.com/reports/2094235

reference_id

2094235

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/

url

https://hackerone.com/reports/2094235

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2244415
reference_id	2244415
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2244415

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

reference_id

3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/

reference_id

E72T67UPDRXHIDLO3OROR25YAMN4GGW5

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/

reference_id

FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/

reference_id

HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/

reference_id

LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/

reference_url

https://security.netapp.com/advisory/ntap-20231116-0013/

reference_id

ntap-20231116-0013

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/

url

https://security.netapp.com/advisory/ntap-20231116-0013/

reference_url	https://access.redhat.com/errata/RHSA-2023:5849
reference_id	RHSA-2023:5849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5849

reference_url	https://access.redhat.com/errata/RHSA-2023:5869
reference_id	RHSA-2023:5869
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5869

reference_url	https://access.redhat.com/errata/RHSA-2023:7205
reference_id	RHSA-2023:7205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7205

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/

reference_id

X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
purl	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-38552

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enz6-qdn6-dkgm

url VCID-f7ch-ze7a-d7gr

vulnerability_id VCID-f7ch-ze7a-d7gr

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12116

reference_id

reference_type

scores

value	0.00619
scoring_system	epss
scoring_elements	0.69917
published_at	2026-04-01T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.69929
published_at	2026-04-02T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.69944
published_at	2026-04-04T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.69922
published_at	2026-04-07T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.6997
published_at	2026-04-08T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.69987
published_at	2026-04-09T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.7001
published_at	2026-04-11T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.69995
published_at	2026-04-12T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.69981
published_at	2026-04-13T12:55:00Z

value	0.00619
scoring_system	epss
scoring_elements	0.70024
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1660998
reference_id	1660998
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1660998

reference_url	https://usn.ubuntu.com/USN-4796-1/
reference_id	USN-USN-4796-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4796-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-12116

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f7ch-ze7a-d7gr

url VCID-fetp-hvhq-dube

vulnerability_id VCID-fetp-hvhq-dube

summary Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21712.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21712.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21712

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01719
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02676
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02769
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02817
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02838
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02807
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02788
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02784
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02814
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21712

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453037
reference_id	2453037
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453037

reference_url

https://hackerone.com/reports/3546390

reference_id

3546390

reference_type

scores

value	5.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:52:17Z/

url

https://hackerone.com/reports/3546390

reference_url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_id

march-2026-security-releases

reference_type

scores

value	5.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:52:17Z/

url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2026-21712

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fetp-hvhq-dube

url VCID-g28p-7shw-n3bn

vulnerability_id VCID-g28p-7shw-n3bn

summary Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14849

reference_id

reference_type

scores

value	0.90232
scoring_system	epss
scoring_elements	0.99596
published_at	2026-04-16T12:55:00Z

value	0.90232
scoring_system	epss
scoring_elements	0.99595
published_at	2026-04-13T12:55:00Z

value	0.90232
scoring_system	epss
scoring_elements	0.99591
published_at	2026-04-02T12:55:00Z

value	0.90232
scoring_system	epss
scoring_elements	0.99592
published_at	2026-04-04T12:55:00Z

value	0.90232
scoring_system	epss
scoring_elements	0.99593
published_at	2026-04-07T12:55:00Z

value	0.90232
scoring_system	epss
scoring_elements	0.99594
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14849

reference_url	https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/

reference_url	https://twitter.com/nodejs/status/913131152868876288
reference_id
reference_type
scores
url	https://twitter.com/nodejs/status/913131152868876288

reference_url	http://www.securityfocus.com/bid/101056
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101056

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.5.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.5.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-14849

reference_id

CVE-2017-14849

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-14849

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2017-14849

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g28p-7shw-n3bn

url VCID-g5wj-ffk1-7bg7

vulnerability_id VCID-g5wj-ffk1-7bg7

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30586.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30586.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30586

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13467
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13256
published_at	2026-04-16T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13456
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1343
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13395
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13349
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13529
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13324
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13406
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30586

reference_url

https://hackerone.com/reports/1954535

reference_id

1954535

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T18:27:16Z/

url

https://hackerone.com/reports/1954535

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219837
reference_id	2219837
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219837

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://security.netapp.com/advisory/ntap-20230803-0008/

reference_id

ntap-20230803-0008

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T18:27:16Z/

url

https://security.netapp.com/advisory/ntap-20230803-0008/

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30586

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g5wj-ffk1-7bg7

url VCID-gwyr-ac4e-dqfa

vulnerability_id VCID-gwyr-ac4e-dqfa

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
The llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22959

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43692
published_at	2026-04-01T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43791
published_at	2026-04-16T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43746
published_at	2026-04-12T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.4373
published_at	2026-04-13T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43747
published_at	2026-04-02T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43772
published_at	2026-04-04T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43706
published_at	2026-04-07T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43756
published_at	2026-04-08T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43759
published_at	2026-04-09T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43779
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1238709
reference_id
reference_type
scores
url	https://hackerone.com/reports/1238709

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2014057
reference_id	2014057
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2014057

reference_url	https://security.archlinux.org/ASA-202110-4
reference_id	ASA-202110-4
reference_type
scores
url	https://security.archlinux.org/ASA-202110-4

reference_url

reference_id

AVG-2460

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12120.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-22959
reference_id	CVE-2021-22959
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-22959

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

fixed_packages

url	pkg:deb/debian/nodejs@12.22.7~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.7~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.7~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22959

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwyr-ac4e-dqfa

url VCID-h8gu-1htb-u3fg

vulnerability_id VCID-h8gu-1htb-u3fg

summary nodejs: Debugger port 5858 listens on any interface by default

references

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12120.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12120

reference_id

reference_type

scores

value	0.00422
scoring_system	epss
scoring_elements	0.61938
published_at	2026-04-01T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.6201
published_at	2026-04-02T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62041
published_at	2026-04-04T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62009
published_at	2026-04-07T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62059
published_at	2026-04-08T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62077
published_at	2026-04-09T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62098
published_at	2026-04-11T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62087
published_at	2026-04-12T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62066
published_at	2026-04-13T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62109
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12120
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12120

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661016
reference_id	1661016
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661016

fixed_packages

url	pkg:deb/debian/nodejs@8.9.3~dfsg-5?distro=trixie
purl	pkg:deb/debian/nodejs@8.9.3~dfsg-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@8.9.3~dfsg-5%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-12120

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8gu-1htb-u3fg

url VCID-hnjv-fp2r-vqfq

vulnerability_id VCID-hnjv-fp2r-vqfq

summary Node.js: insecure loading of ICU data through ICU_DATA environment variable

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23920

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26656
published_at	2026-04-02T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26511
published_at	2026-04-16T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26699
published_at	2026-04-04T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26485
published_at	2026-04-07T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26553
published_at	2026-04-08T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26602
published_at	2026-04-09T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26608
published_at	2026-04-11T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26562
published_at	2026-04-12T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26505
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23920

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id	1031834
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2172217
reference_id	2172217
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2172217

reference_url

https://www.debian.org/security/2023/dsa-5395

reference_id

dsa-5395

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/

url

https://www.debian.org/security/2023/dsa-5395

reference_url

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

reference_id

february-2023-security-releases

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/

url

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

reference_url

https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html

reference_url

https://security.netapp.com/advisory/ntap-20230316-0008/

reference_id

ntap-20230316-0008

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/

url

https://security.netapp.com/advisory/ntap-20230316-0008/

reference_url	https://access.redhat.com/errata/RHSA-2023:1533
reference_id	RHSA-2023:1533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1533

reference_url	https://access.redhat.com/errata/RHSA-2023:1582
reference_id	RHSA-2023:1582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1582

reference_url	https://access.redhat.com/errata/RHSA-2023:1583
reference_id	RHSA-2023:1583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1583

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:1743
reference_id	RHSA-2023:1743
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1743

reference_url	https://access.redhat.com/errata/RHSA-2023:1744
reference_id	RHSA-2023:1744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1744

reference_url	https://access.redhat.com/errata/RHSA-2023:2654
reference_id	RHSA-2023:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2654

reference_url	https://access.redhat.com/errata/RHSA-2023:2655
reference_id	RHSA-2023:2655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2655

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6672-1/
reference_id	USN-6672-1
reference_type
scores
url	https://usn.ubuntu.com/6672-1/

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
purl	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-23920

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnjv-fp2r-vqfq

url VCID-hu7c-gc8f-q3cm

vulnerability_id VCID-hu7c-gc8f-q3cm

summary nodejs: Constant Hashtable Seeds vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11499.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11499.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-11499

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59252
published_at	2026-04-01T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59395
published_at	2026-04-16T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5938
published_at	2026-04-12T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59362
published_at	2026-04-13T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59326
published_at	2026-04-02T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59349
published_at	2026-04-04T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59314
published_at	2026-04-07T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59364
published_at	2026-04-08T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59377
published_at	2026-04-09T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59396
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-11499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11499

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1475327
reference_id	1475327
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1475327

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162
reference_id	868162
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162

reference_url	https://access.redhat.com/errata/RHSA-2017:2908
reference_id	RHSA-2017:2908
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2908

reference_url	https://access.redhat.com/errata/RHSA-2017:3002
reference_id	RHSA-2017:3002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3002

fixed_packages

url	pkg:deb/debian/nodejs@4.8.4~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@4.8.4~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.8.4~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2017-11499

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu7c-gc8f-q3cm

url VCID-jbph-d393-byd4

vulnerability_id VCID-jbph-d393-byd4

summary nodejs: privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30585.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30585.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30585

reference_id

reference_type

scores

value	0.02122
scoring_system	epss
scoring_elements	0.84091
published_at	2026-04-02T12:55:00Z

value	0.02122
scoring_system	epss
scoring_elements	0.84109
published_at	2026-04-04T12:55:00Z

value	0.02122
scoring_system	epss
scoring_elements	0.8411
published_at	2026-04-07T12:55:00Z

value	0.02122
scoring_system	epss
scoring_elements	0.84133
published_at	2026-04-08T12:55:00Z

value	0.02122
scoring_system	epss
scoring_elements	0.84139
published_at	2026-04-09T12:55:00Z

value	0.02122
scoring_system	epss
scoring_elements	0.84156
published_at	2026-04-11T12:55:00Z

value	0.02122
scoring_system	epss
scoring_elements	0.84151
published_at	2026-04-12T12:55:00Z

value	0.02122
scoring_system	epss
scoring_elements	0.84147
published_at	2026-04-13T12:55:00Z

value	0.02122
scoring_system	epss
scoring_elements	0.84169
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30585

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219835
reference_id	2219835
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219835

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30585

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbph-d393-byd4

url VCID-jbws-qjq3-qbhq

vulnerability_id VCID-jbws-qjq3-qbhq

summary nodejs: Nodejs network segmentation bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21636.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21636.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21636

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06241
published_at	2026-04-02T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06264
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.0633
published_at	2026-04-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06324
published_at	2026-04-12T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06313
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06272
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06251
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06297
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06338
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21636

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431342
reference_id	2431342
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431342

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T18:38:13Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2026-21636

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbws-qjq3-qbhq

url VCID-k4cj-47gd-s7ck

vulnerability_id VCID-k4cj-47gd-s7ck

summary nodejs: Nodejs memory leak

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59464.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59464.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59464

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16583
published_at	2026-04-02T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16409
published_at	2026-04-16T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16566
published_at	2026-04-11T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16526
published_at	2026-04-12T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16468
published_at	2026-04-13T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16645
published_at	2026-04-04T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16445
published_at	2026-04-07T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16531
published_at	2026-04-08T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16585
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59464

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431344
reference_id	2431344
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431344

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:40:07Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-59464

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4cj-47gd-s7ck

url VCID-ke6j-fgys-gyga

vulnerability_id VCID-ke6j-fgys-gyga

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15605

reference_id

reference_type

scores

value	0.32252
scoring_system	epss
scoring_elements	0.96807
published_at	2026-04-01T12:55:00Z

value	0.32252
scoring_system	epss
scoring_elements	0.96815
published_at	2026-04-02T12:55:00Z

value	0.32252
scoring_system	epss
scoring_elements	0.96816
published_at	2026-04-04T12:55:00Z

value	0.32252
scoring_system	epss
scoring_elements	0.9682
published_at	2026-04-07T12:55:00Z

value	0.32252
scoring_system	epss
scoring_elements	0.96828
published_at	2026-04-08T12:55:00Z

value	0.32252
scoring_system	epss
scoring_elements	0.9683
published_at	2026-04-09T12:55:00Z

value	0.32252
scoring_system	epss
scoring_elements	0.96832
published_at	2026-04-12T12:55:00Z

value	0.32252
scoring_system	epss
scoring_elements	0.96834
published_at	2026-04-13T12:55:00Z

value	0.32252
scoring_system	epss
scoring_elements	0.9684
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800364
reference_id	1800364
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800364

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467
reference_id	977467
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467

reference_url	https://access.redhat.com/errata/RHSA-2020:0598
reference_id	RHSA-2020:0598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0598

reference_url	https://access.redhat.com/errata/RHSA-2020:0703
reference_id	RHSA-2020:0703
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0703

reference_url	https://access.redhat.com/errata/RHSA-2020:0707
reference_id	RHSA-2020:0707
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0707

reference_url	https://access.redhat.com/errata/RHSA-2020:0708
reference_id	RHSA-2020:0708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0708

reference_url	https://access.redhat.com/errata/RHSA-2020:1510
reference_id	RHSA-2020:1510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1510

reference_url	https://usn.ubuntu.com/6380-1/
reference_id	USN-6380-1
reference_type
scores
url	https://usn.ubuntu.com/6380-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.19.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2019-15605

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ke6j-fgys-gyga

url VCID-krft-297e-qfdw

vulnerability_id VCID-krft-297e-qfdw

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36137.json

reference_id

reference_type

scores

value	3.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36137.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-36137

reference_id

reference_type

scores

value	0.0008
scoring_system	epss
scoring_elements	0.23557
published_at	2026-04-16T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24092
published_at	2026-04-12T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24035
published_at	2026-04-13T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.2418
published_at	2026-04-02T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24218
published_at	2026-04-04T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24004
published_at	2026-04-07T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24071
published_at	2026-04-08T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24117
published_at	2026-04-09T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24133
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-36137

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2299281
reference_id	2299281
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2299281

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

reference_id

july-2024-security-releases

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:06:27Z/

url

https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2024:5814
reference_id	RHSA-2024:5814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5814

reference_url	https://access.redhat.com/errata/RHSA-2024:5815
reference_id	RHSA-2024:5815
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5815

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.15.1%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-36137

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-krft-297e-qfdw

url VCID-kvmm-gh2f-zqau

vulnerability_id VCID-kvmm-gh2f-zqau

summary nodejs: Node.js Rapidhash HashDoS Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27209.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27209.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27209

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.05749
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10234
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10335
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10307
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10369
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.104
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10358
published_at	2026-04-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14078
published_at	2026-04-16T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14188
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27209

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2382040
reference_id	2382040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2382040

reference_url

https://nodejs.org/en/blog/vulnerability/july-2025-security-releases

reference_id

july-2025-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-21T17:14:28Z/

url

https://nodejs.org/en/blog/vulnerability/july-2025-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-27209

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvmm-gh2f-zqau

url VCID-m5ae-uc68-d3g2

vulnerability_id VCID-m5ae-uc68-d3g2

summary

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21824

reference_id

reference_type

scores

value	0.00505
scoring_system	epss
scoring_elements	0.66171
published_at	2026-04-02T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71033
published_at	2026-04-07T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71076
published_at	2026-04-08T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71088
published_at	2026-04-09T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71111
published_at	2026-04-11T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71096
published_at	2026-04-12T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.7108
published_at	2026-04-13T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71126
published_at	2026-04-16T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71058
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1431042
reference_id
reference_type
scores
url	https://hackerone.com/reports/1431042

reference_url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/

reference_url	https://security.netapp.com/advisory/ntap-20220325-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220325-0007/

reference_url	https://security.netapp.com/advisory/ntap-20220729-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220729-0004/

reference_url	https://www.debian.org/security/2022/dsa-5170
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5170

reference_url	https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040862
reference_id	2040862
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040862

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-21824
reference_id	CVE-2022-21824
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-21824

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.9~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-21824

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ae-uc68-d3g2

url VCID-m7rw-arzq-jba1

vulnerability_id VCID-m7rw-arzq-jba1

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-43548

reference_id

reference_type

scores

value	0.00565
scoring_system	epss
scoring_elements	0.68402
published_at	2026-04-02T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68484
published_at	2026-04-16T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68422
published_at	2026-04-04T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68398
published_at	2026-04-07T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68449
published_at	2026-04-08T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68466
published_at	2026-04-09T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68492
published_at	2026-04-11T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.6848
published_at	2026-04-12T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68447
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-43548

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518
reference_id	1023518
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2140911
reference_id	2140911
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2140911

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html

reference_url

https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/

reference_id

november-2022-security-releases

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/

url

https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/

reference_url

https://security.netapp.com/advisory/ntap-20230120-0004/

reference_id

ntap-20230120-0004

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/

url

https://security.netapp.com/advisory/ntap-20230120-0004/

reference_url

https://security.netapp.com/advisory/ntap-20230427-0007/

reference_id

ntap-20230427-0007

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/

url

https://security.netapp.com/advisory/ntap-20230427-0007/

reference_url	https://access.redhat.com/errata/RHSA-2022:8832
reference_id	RHSA-2022:8832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8832

reference_url	https://access.redhat.com/errata/RHSA-2022:8833
reference_id	RHSA-2022:8833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8833

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:0050
reference_id	RHSA-2023:0050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0050

reference_url	https://access.redhat.com/errata/RHSA-2023:0321
reference_id	RHSA-2023:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0321

reference_url	https://access.redhat.com/errata/RHSA-2023:0612
reference_id	RHSA-2023:0612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0612

reference_url	https://access.redhat.com/errata/RHSA-2023:1533
reference_id	RHSA-2023:1533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1533

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.12.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.12.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.12.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-43548

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7rw-arzq-jba1

url VCID-mqcy-2run-93d6

vulnerability_id VCID-mqcy-2run-93d6

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21892.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21892.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21892

reference_id

reference_type

scores

value	0.00448
scoring_system	epss
scoring_elements	0.636
published_at	2026-04-16T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63536
published_at	2026-04-02T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63564
published_at	2026-04-13T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63529
published_at	2026-04-07T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63581
published_at	2026-04-08T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63598
published_at	2026-04-12T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63613
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21892

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055
reference_id	1064055
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055

reference_url

https://hackerone.com/reports/2237545

reference_id

2237545

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-12T04:00:40Z/

url

https://hackerone.com/reports/2237545

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2264582
reference_id	2264582
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2264582

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20240322-0003/

reference_id

ntap-20240322-0003

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-12T04:00:40Z/

url

https://security.netapp.com/advisory/ntap-20240322-0003/

reference_url	https://access.redhat.com/errata/RHSA-2024:1503
reference_id	RHSA-2024:1503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1503

reference_url	https://access.redhat.com/errata/RHSA-2024:1510
reference_id	RHSA-2024:1510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1510

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

reference_url	https://access.redhat.com/errata/RHSA-2024:1880
reference_id	RHSA-2024:1880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1880

reference_url	https://access.redhat.com/errata/RHSA-2024:1932
reference_id	RHSA-2024:1932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1932

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-21892

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqcy-2run-93d6

url VCID-ms5y-gp7v-2qay

vulnerability_id VCID-ms5y-gp7v-2qay

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44533

reference_id

reference_type

scores

value	0.00421
scoring_system	epss
scoring_elements	0.61846
published_at	2026-04-01T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.6192
published_at	2026-04-07T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.6195
published_at	2026-04-04T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61969
published_at	2026-04-08T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61987
published_at	2026-04-09T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62008
published_at	2026-04-11T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61997
published_at	2026-04-12T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61977
published_at	2026-04-13T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62019
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040856
reference_id	2040856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040856

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.9~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-44533

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5y-gp7v-2qay

url VCID-n66u-b73u-zucb

vulnerability_id VCID-n66u-b73u-zucb

summary

golang.org/x/net/http vulnerable to a reset flood
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

### Specific Go Packages Affected
golang.org/x/net/http2

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

reference_url

https://access.redhat.com/errata/RHSA-2019:2594

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2594

reference_url

https://access.redhat.com/errata/RHSA-2019:2661

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2661

reference_url

https://access.redhat.com/errata/RHSA-2019:2682

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2682

reference_url

https://access.redhat.com/errata/RHSA-2019:2690

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2690

reference_url

https://access.redhat.com/errata/RHSA-2019:2726

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2726

reference_url

https://access.redhat.com/errata/RHSA-2019:2766

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2766

reference_url

https://access.redhat.com/errata/RHSA-2019:2769

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2769

reference_url

https://access.redhat.com/errata/RHSA-2019:2796

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2796

reference_url

https://access.redhat.com/errata/RHSA-2019:2861

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2861

reference_url

https://access.redhat.com/errata/RHSA-2019:2925

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2925

reference_url

https://access.redhat.com/errata/RHSA-2019:2939

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2939

reference_url

https://access.redhat.com/errata/RHSA-2019:2955

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2955

reference_url

https://access.redhat.com/errata/RHSA-2019:2966

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2966

reference_url

https://access.redhat.com/errata/RHSA-2019:3131

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3131

reference_url

https://access.redhat.com/errata/RHSA-2019:3245

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3245

reference_url

https://access.redhat.com/errata/RHSA-2019:3265

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3265

reference_url

https://access.redhat.com/errata/RHSA-2019:3892

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3892

reference_url

https://access.redhat.com/errata/RHSA-2019:3906

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3906

reference_url

https://access.redhat.com/errata/RHSA-2019:4018

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4018

reference_url

https://access.redhat.com/errata/RHSA-2019:4019

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4019

reference_url

https://access.redhat.com/errata/RHSA-2019:4020

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4020

reference_url

https://access.redhat.com/errata/RHSA-2019:4021

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4021

reference_url

https://access.redhat.com/errata/RHSA-2019:4040

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4040

reference_url

https://access.redhat.com/errata/RHSA-2019:4041

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4041

reference_url

https://access.redhat.com/errata/RHSA-2019:4042

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4042

reference_url

https://access.redhat.com/errata/RHSA-2019:4045

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4045

reference_url

https://access.redhat.com/errata/RHSA-2019:4269

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4269

reference_url

https://access.redhat.com/errata/RHSA-2019:4273

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4273

reference_url

https://access.redhat.com/errata/RHSA-2019:4352

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4352

reference_url

https://access.redhat.com/errata/RHSA-2020:0406

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0406

reference_url

https://access.redhat.com/errata/RHSA-2020:0727

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0727

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9514

reference_id

reference_type

scores

value	0.09483
scoring_system	epss
scoring_elements	0.92836
published_at	2026-04-16T12:55:00Z

value	0.09483
scoring_system	epss
scoring_elements	0.92799
published_at	2026-04-01T12:55:00Z

value	0.09483
scoring_system	epss
scoring_elements	0.92806
published_at	2026-04-02T12:55:00Z

value	0.09483
scoring_system	epss
scoring_elements	0.9281
published_at	2026-04-04T12:55:00Z

value	0.09483
scoring_system	epss
scoring_elements	0.92809
published_at	2026-04-07T12:55:00Z

value	0.09483
scoring_system	epss
scoring_elements	0.92818
published_at	2026-04-08T12:55:00Z

value	0.09483
scoring_system	epss
scoring_elements	0.92822
published_at	2026-04-09T12:55:00Z

value	0.09483
scoring_system	epss
scoring_elements	0.92826
published_at	2026-04-13T12:55:00Z

value	0.09483
scoring_system	epss
scoring_elements	0.92825
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9514

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518

reference_url

http://seclists.org/fulldisclosure/2019/Aug/16

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2019/Aug/16

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

reference_url

https://go.dev/cl/190137

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/190137

reference_url

https://go.dev/issue/33606

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.dev/issue/33606

reference_url

https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5

reference_url

https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ

reference_url

https://kb.cert.org/vuls/id/605641

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://kb.cert.org/vuls/id/605641

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10296

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10296

reference_url

https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-9514

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-9514

reference_url

https://pkg.go.dev/vuln/GO-2022-0536

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2022-0536

reference_url

https://seclists.org/bugtraq/2019/Aug/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/Aug/24

reference_url

https://seclists.org/bugtraq/2019/Aug/31

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/Aug/31

reference_url

https://seclists.org/bugtraq/2019/Aug/43

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/Aug/43

reference_url

https://seclists.org/bugtraq/2019/Sep/18

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/Sep/18

reference_url

https://security.netapp.com/advisory/ntap-20190823-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190823-0001

reference_url

https://security.netapp.com/advisory/ntap-20190823-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190823-0004

reference_url

https://security.netapp.com/advisory/ntap-20190823-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190823-0005

reference_url

https://support.f5.com/csp/article/K01988340

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.f5.com/csp/article/K01988340

reference_url

https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS

reference_url

https://usn.ubuntu.com/4308-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4308-1

reference_url

https://www.debian.org/security/2019/dsa-4503

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2019/dsa-4503

reference_url

https://www.debian.org/security/2019/dsa-4508

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2019/dsa-4508

reference_url

https://www.debian.org/security/2019/dsa-4520

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2019/dsa-4520

reference_url

https://www.debian.org/security/2020/dsa-4669

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2020/dsa-4669

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_33

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.synology.com/security/advisory/Synology_SA_19_33

reference_url

http://www.openwall.com/lists/oss-security/2019/08/20/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2023/10/18/8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/10/18/8

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667
reference_id	1062667
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1735744
reference_id	1735744
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1735744

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885
reference_id	934885
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
reference_id	934886
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887
reference_id	934887
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887

reference_url	https://security.archlinux.org/ASA-201908-15
reference_id	ASA-201908-15
reference_type
scores
url	https://security.archlinux.org/ASA-201908-15

reference_url

https://security.archlinux.org/AVG-1021

reference_id

AVG-1021

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1021

reference_url	https://access.redhat.com/errata/RHSA-2019:2817
reference_id	RHSA-2019:2817
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2817

reference_url	https://access.redhat.com/errata/RHSA-2020:0922
reference_id	RHSA-2020:0922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0922

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

reference_url	https://access.redhat.com/errata/RHSA-2020:1445
reference_id	RHSA-2020:1445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1445

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2565
reference_id	RHSA-2020:2565
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2565

100

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

101

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

102

reference_url	https://access.redhat.com/errata/RHSA-2024:5856
reference_id	RHSA-2024:5856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5856

103

reference_url	https://usn.ubuntu.com/USN-4866-1/
reference_id	USN-USN-4866-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4866-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.16.3~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2019-9514, GHSA-39qc-96h7-956f

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n66u-b73u-zucb

url VCID-n91z-kugd-ebb5

vulnerability_id VCID-n91z-kugd-ebb5

summary

Multiple vulnerabilities have been found in NodeJS, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8201

reference_id

reference_type

scores

value	0.00632
scoring_system	epss
scoring_elements	0.70267
published_at	2026-04-01T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70279
published_at	2026-04-02T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70297
published_at	2026-04-04T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70273
published_at	2026-04-07T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70319
published_at	2026-04-08T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70333
published_at	2026-04-09T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70357
published_at	2026-04-11T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70342
published_at	2026-04-12T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70328
published_at	2026-04-13T12:55:00Z

value	0.00632
scoring_system	epss
scoring_elements	0.70372
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8201

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1879311
reference_id	1879311
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1879311

reference_url	https://access.redhat.com/errata/RHSA-2020:4272
reference_id	RHSA-2020:4272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4272

reference_url	https://access.redhat.com/errata/RHSA-2020:4903
reference_id	RHSA-2020:4903
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4903

reference_url	https://access.redhat.com/errata/RHSA-2020:5086
reference_id	RHSA-2020:5086
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5086

fixed_packages

url	pkg:deb/debian/nodejs@12.18.4~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.18.4~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.18.4~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2020-8201

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n91z-kugd-ebb5

url VCID-nenk-4cgd-fugv

vulnerability_id VCID-nenk-4cgd-fugv

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27983

reference_id

reference_type

scores

value	0.75933
scoring_system	epss
scoring_elements	0.98917
published_at	2026-04-16T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98907
published_at	2026-04-02T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98909
published_at	2026-04-04T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98911
published_at	2026-04-07T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98912
published_at	2026-04-09T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98914
published_at	2026-04-12T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98915
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27983

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347
reference_id	1068347
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2272764
reference_id	2272764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2272764

reference_url

https://hackerone.com/reports/2319584

reference_id

2319584

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/

url

https://hackerone.com/reports/2319584

reference_url

reference_id

AVG-2852

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2853

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

reference_id

JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/

reference_url

https://security.netapp.com/advisory/ntap-20240510-0002/

reference_id

ntap-20240510-0002

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/

url

https://security.netapp.com/advisory/ntap-20240510-0002/

reference_url	https://access.redhat.com/errata/RHSA-2024:2778
reference_id	RHSA-2024:2778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2778

reference_url	https://access.redhat.com/errata/RHSA-2024:2779
reference_id	RHSA-2024:2779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2779

reference_url	https://access.redhat.com/errata/RHSA-2024:2780
reference_id	RHSA-2024:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2780

reference_url	https://access.redhat.com/errata/RHSA-2024:2853
reference_id	RHSA-2024:2853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2853

reference_url	https://access.redhat.com/errata/RHSA-2024:2910
reference_id	RHSA-2024:2910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2910

reference_url	https://access.redhat.com/errata/RHSA-2024:2937
reference_id	RHSA-2024:2937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2937

reference_url	https://access.redhat.com/errata/RHSA-2024:3472
reference_id	RHSA-2024:3472
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3472

reference_url	https://access.redhat.com/errata/RHSA-2024:3544
reference_id	RHSA-2024:3544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3544

reference_url	https://access.redhat.com/errata/RHSA-2024:3545
reference_id	RHSA-2024:3545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3545

reference_url	https://access.redhat.com/errata/RHSA-2024:3553
reference_id	RHSA-2024:3553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3553

reference_url	https://access.redhat.com/errata/RHSA-2024:4353
reference_id	RHSA-2024:4353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4353

reference_url	https://access.redhat.com/errata/RHSA-2024:4824
reference_id	RHSA-2024:4824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4824

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/

reference_id

YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.20.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.20.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-27983

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nenk-4cgd-fugv

url VCID-nkas-113k-wkbu

vulnerability_id VCID-nkas-113k-wkbu

summary nodejs: HTTP parser allowed for spaces inside Content-Length header values

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7159

reference_id

reference_type

scores

value	0.0059
scoring_system	epss
scoring_elements	0.69108
published_at	2026-04-01T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69213
published_at	2026-04-16T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69217
published_at	2026-04-11T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69202
published_at	2026-04-12T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69174
published_at	2026-04-13T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69124
published_at	2026-04-02T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69145
published_at	2026-04-04T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69126
published_at	2026-04-07T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69176
published_at	2026-04-08T12:55:00Z

value	0.0059
scoring_system	epss
scoring_elements	0.69195
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

reference_url	https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp%3Butm_medium=RSS
reference_id
reference_type
scores
url	https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp%3Butm_medium=RSS

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1561981
reference_id	1561981
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1561981

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7159

reference_id

CVE-2018-7159

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7159

reference_url	https://access.redhat.com/errata/RHSA-2018:2949
reference_id	RHSA-2018:2949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2949

reference_url	https://access.redhat.com/errata/RHSA-2019:2258
reference_id	RHSA-2019:2258
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2258

fixed_packages

url	pkg:deb/debian/nodejs@8.11.1~dfsg-2?distro=trixie
purl	pkg:deb/debian/nodejs@8.11.1~dfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@8.11.1~dfsg-2%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-7159

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nkas-113k-wkbu

url VCID-p31t-nxwe-yyf2

vulnerability_id VCID-p31t-nxwe-yyf2

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32558.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32558.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32558

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.41223
published_at	2026-04-02T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41253
published_at	2026-04-04T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41179
published_at	2026-04-07T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41227
published_at	2026-04-08T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41236
published_at	2026-04-09T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41258
published_at	2026-04-11T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41226
published_at	2026-04-12T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41212
published_at	2026-04-13T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41255
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32558

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2230952
reference_id	2230952
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2230952

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-32558

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p31t-nxwe-yyf2

url VCID-p8ab-a4gk-eyd2

vulnerability_id VCID-p8ab-a4gk-eyd2

summary

Multiple vulnerabilities have been found in the Chromium web
    browser, the worst of which allows remote attackers to execute arbitrary
    code.

references

reference_url	http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
reference_id
reference_type
scores
url	http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1080.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1080.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0002.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0002.html

reference_url	https://access.redhat.com/errata/RHSA-2018:0336
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0336

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1669

reference_id

reference_type

scores

value	0.01626
scoring_system	epss
scoring_elements	0.81796
published_at	2026-04-01T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81898
published_at	2026-04-16T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81879
published_at	2026-04-11T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81867
published_at	2026-04-12T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81861
published_at	2026-04-13T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81807
published_at	2026-04-02T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81829
published_at	2026-04-04T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81827
published_at	2026-04-07T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81853
published_at	2026-04-08T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.8186
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1669

reference_url	https://codereview.chromium.org/1945313002
reference_id
reference_type
scores
url	https://codereview.chromium.org/1945313002

reference_url	https://crbug.com/606115
reference_id
reference_type
scores
url	https://crbug.com/606115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/

reference_url	http://www.debian.org/security/2016/dsa-3590
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3590

reference_url	http://www.securityfocus.com/bid/90584
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90584

reference_url	http://www.securitytracker.com/id/1035872
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035872

reference_url	http://www.ubuntu.com/usn/USN-2960-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2960-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1335449
reference_id	1335449
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1335449

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
reference_id	cpe:2.3:a:google:chrome::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:v8::::::::
reference_id	cpe:2.3:a:google:v8::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:v8::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js::::::::
reference_id	cpe:2.3:a:nodejs:node.js::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1669

reference_id

CVE-2016-1669

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1669

reference_url	https://security.gentoo.org/glsa/201605-02
reference_id	GLSA-201605-02
reference_type
scores
url	https://security.gentoo.org/glsa/201605-02

reference_url	https://access.redhat.com/errata/RHSA-2016:1080
reference_id	RHSA-2016:1080
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1080

reference_url	https://access.redhat.com/errata/RHSA-2017:0002
reference_id	RHSA-2017:0002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0002

reference_url	https://access.redhat.com/errata/RHSA-2017:0879
reference_id	RHSA-2017:0879
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0879

reference_url	https://access.redhat.com/errata/RHSA-2017:0880
reference_id	RHSA-2017:0880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0880

reference_url	https://access.redhat.com/errata/RHSA-2017:0881
reference_id	RHSA-2017:0881
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0881

reference_url	https://access.redhat.com/errata/RHSA-2017:0882
reference_id	RHSA-2017:0882
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0882

reference_url	https://usn.ubuntu.com/2960-1/
reference_id	USN-2960-1
reference_type
scores
url	https://usn.ubuntu.com/2960-1/

fixed_packages

url	pkg:deb/debian/nodejs@4.4.6~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@4.4.6~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.4.6~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2016-1669

risk_score 4.2

exploitability 0.5

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8ab-a4gk-eyd2

url VCID-p9sg-8byk-eydy

vulnerability_id VCID-p9sg-8byk-eydy

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37372.json

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37372.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-37372

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.14969
published_at	2026-04-16T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15203
published_at	2026-04-09T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15172
published_at	2026-04-11T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15134
published_at	2026-04-12T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.1507
published_at	2026-04-13T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15193
published_at	2026-04-02T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15261
published_at	2026-04-04T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15064
published_at	2026-04-07T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15152
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-37372

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2336663
reference_id	2336663
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2336663

reference_url

http://www.openwall.com/lists/oss-security/2024/07/19/3

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:37:14Z/

url

http://www.openwall.com/lists/oss-security/2024/07/19/3

reference_url

http://www.openwall.com/lists/oss-security/2024/07/11/6

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:37:14Z/

url

http://www.openwall.com/lists/oss-security/2024/07/11/6

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-37372

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9sg-8byk-eydy

url VCID-pd4q-4b15-gqey

vulnerability_id VCID-pd4q-4b15-gqey

summary

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.

On Windows, a path that does not start with the file separator is treated as relative to the current directory. 

This vulnerability affects Windows users of `path.join` API.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23084

reference_id

reference_type

scores

value	0.01289
scoring_system	epss
scoring_elements	0.79677
published_at	2026-04-16T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79605
published_at	2026-04-02T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79671
published_at	2026-04-11T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79655
published_at	2026-04-12T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79648
published_at	2026-04-13T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79627
published_at	2026-04-04T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79614
published_at	2026-04-07T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.79642
published_at	2026-04-08T12:55:00Z

value	0.01289
scoring_system	epss
scoring_elements	0.7965
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23084

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_id

january-2025-security-releases

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:07:59Z/

url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-23084

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pd4q-4b15-gqey

url VCID-pqnn-ers1-3fec

vulnerability_id VCID-pqnn-ers1-3fec

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22884

reference_id

reference_type

scores

value	0.0027
scoring_system	epss
scoring_elements	0.5038
published_at	2026-04-01T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50512
published_at	2026-04-16T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50484
published_at	2026-04-12T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50469
published_at	2026-04-13T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50436
published_at	2026-04-02T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50465
published_at	2026-04-09T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50419
published_at	2026-04-07T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50472
published_at	2026-04-08T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50507
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22884

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932024
reference_id	1932024
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932024

reference_url

reference_id

AVG-1604

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14919.json

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:0734
reference_id	RHSA-2021:0734
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0734

reference_url	https://access.redhat.com/errata/RHSA-2021:0735
reference_id	RHSA-2021:0735
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0735

reference_url	https://access.redhat.com/errata/RHSA-2021:0738
reference_id	RHSA-2021:0738
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0738

reference_url	https://access.redhat.com/errata/RHSA-2021:0739
reference_id	RHSA-2021:0739
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0739

reference_url	https://access.redhat.com/errata/RHSA-2021:0740
reference_id	RHSA-2021:0740
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0740

reference_url	https://access.redhat.com/errata/RHSA-2021:0741
reference_id	RHSA-2021:0741
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0741

reference_url	https://access.redhat.com/errata/RHSA-2021:0744
reference_id	RHSA-2021:0744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0744

reference_url	https://access.redhat.com/errata/RHSA-2021:0827
reference_id	RHSA-2021:0827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0827

reference_url	https://access.redhat.com/errata/RHSA-2021:0830
reference_id	RHSA-2021:0830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0830

reference_url	https://access.redhat.com/errata/RHSA-2021:0831
reference_id	RHSA-2021:0831
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0831

reference_url	https://usn.ubuntu.com/6418-1/
reference_id	USN-6418-1
reference_type
scores
url	https://usn.ubuntu.com/6418-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.21.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.21.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.21.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22884

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqnn-ers1-3fec

url VCID-pwe6-zwyr-nqhy

vulnerability_id VCID-pwe6-zwyr-nqhy

summary nodejs: DoS via specific windowBits value

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14919.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14919

reference_id

reference_type

scores

value	0.00784
scoring_system	epss
scoring_elements	0.738
published_at	2026-04-16T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73751
published_at	2026-04-08T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73763
published_at	2026-04-09T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73786
published_at	2026-04-11T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73767
published_at	2026-04-12T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.73759
published_at	2026-04-13T12:55:00Z

value	0.01045
scoring_system	epss
scoring_elements	0.7743
published_at	2026-04-01T12:55:00Z

value	0.01045
scoring_system	epss
scoring_elements	0.77436
published_at	2026-04-02T12:55:00Z

value	0.01045
scoring_system	epss
scoring_elements	0.77462
published_at	2026-04-04T12:55:00Z

value	0.01045
scoring_system	epss
scoring_elements	0.77441
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14919

reference_url	https://nodejs.org/en/blog/release/v4.8.5/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/release/v4.8.5/

reference_url	https://nodejs.org/en/blog/release/v6.11.5/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/release/v6.11.5/

reference_url	https://nodejs.org/en/blog/release/v8.8.0/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/release/v8.8.0/

reference_url	https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/oct-2017-dos/

reference_url	http://www.securityfocus.com/bid/101881
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101881

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1516175
reference_id	1516175
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1516175

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.3:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.8.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.4:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:4.8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.10.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:6.10.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.10.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.10.3:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:6.10.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.10.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:6.11.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:6.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:6.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.3:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:6.11.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.4:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:6.11.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.0.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.2:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.3:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.4:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.2.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.2.1:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.3.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.4.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.5.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.6.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.7.0:::::::*
reference_id	cpe:2.3:a:nodejs:node.js:8.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-14919

reference_id

CVE-2017-14919

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-14919

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2017-14919

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwe6-zwyr-nqhy

url VCID-q75s-43sx-4kbg

vulnerability_id VCID-q75s-43sx-4kbg

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30588.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30588.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30588

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.0854
published_at	2026-04-02T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08594
published_at	2026-04-04T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08512
published_at	2026-04-07T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08585
published_at	2026-04-08T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08605
published_at	2026-04-09T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08602
published_at	2026-04-11T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08582
published_at	2026-04-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08566
published_at	2026-04-13T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08458
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30588

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990
reference_id	1039990
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219838
reference_id	2219838
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219838

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2023:4330
reference_id	RHSA-2023:4330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4330

reference_url	https://access.redhat.com/errata/RHSA-2023:4331
reference_id	RHSA-2023:4331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4331

reference_url	https://access.redhat.com/errata/RHSA-2023:4536
reference_id	RHSA-2023:4536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4536

reference_url	https://access.redhat.com/errata/RHSA-2023:4537
reference_id	RHSA-2023:4537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4537

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6735-1/
reference_id	USN-6735-1
reference_type
scores
url	https://usn.ubuntu.com/6735-1/

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
purl	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30588

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q75s-43sx-4kbg

url VCID-q8th-849w-bfhp

vulnerability_id VCID-q8th-849w-bfhp

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22883

reference_id

reference_type

scores

value	0.89427
scoring_system	epss
scoring_elements	0.99544
published_at	2026-04-02T12:55:00Z

value	0.89427
scoring_system	epss
scoring_elements	0.9955
published_at	2026-04-16T12:55:00Z

value	0.89427
scoring_system	epss
scoring_elements	0.99547
published_at	2026-04-12T12:55:00Z

value	0.89427
scoring_system	epss
scoring_elements	0.99548
published_at	2026-04-13T12:55:00Z

value	0.89427
scoring_system	epss
scoring_elements	0.99545
published_at	2026-04-04T12:55:00Z

value	0.89427
scoring_system	epss
scoring_elements	0.99546
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22883

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932014
reference_id	1932014
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932014

reference_url

reference_id

AVG-1604

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:0734
reference_id	RHSA-2021:0734
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0734

reference_url	https://access.redhat.com/errata/RHSA-2021:0735
reference_id	RHSA-2021:0735
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0735

reference_url	https://access.redhat.com/errata/RHSA-2021:0738
reference_id	RHSA-2021:0738
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0738

reference_url	https://access.redhat.com/errata/RHSA-2021:0739
reference_id	RHSA-2021:0739
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0739

reference_url	https://access.redhat.com/errata/RHSA-2021:0740
reference_id	RHSA-2021:0740
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0740

reference_url	https://access.redhat.com/errata/RHSA-2021:0741
reference_id	RHSA-2021:0741
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0741

reference_url	https://access.redhat.com/errata/RHSA-2021:0744
reference_id	RHSA-2021:0744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0744

reference_url	https://access.redhat.com/errata/RHSA-2021:0827
reference_id	RHSA-2021:0827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0827

reference_url	https://access.redhat.com/errata/RHSA-2021:0830
reference_id	RHSA-2021:0830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0830

reference_url	https://access.redhat.com/errata/RHSA-2021:0831
reference_id	RHSA-2021:0831
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0831

reference_url	https://usn.ubuntu.com/6418-1/
reference_id	USN-6418-1
reference_type
scores
url	https://usn.ubuntu.com/6418-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.21.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.21.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.21.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22883

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8th-849w-bfhp

url VCID-r8jj-tkxd-5qg8

vulnerability_id VCID-r8jj-tkxd-5qg8

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7162

reference_id

reference_type

scores

value	0.01017
scoring_system	epss
scoring_elements	0.77114
published_at	2026-04-01T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77215
published_at	2026-04-16T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77179
published_at	2026-04-12T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77175
published_at	2026-04-13T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.7712
published_at	2026-04-02T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77149
published_at	2026-04-04T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77131
published_at	2026-04-07T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77164
published_at	2026-04-08T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77173
published_at	2026-04-09T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.772
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162

reference_url	https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

reference_url	https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202003-48

reference_url	http://www.securityfocus.com/bid/104468
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104468

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1591018
reference_id	1591018
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1591018

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7162

reference_id

CVE-2018-7162

reference_type

scores

value	7.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:C

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7162

fixed_packages

url	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-7162

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8jj-tkxd-5qg8

url VCID-rg1f-5nhq-m7ea

vulnerability_id VCID-rg1f-5nhq-m7ea

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32004.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32004.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32004

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.30769
published_at	2026-04-02T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30664
published_at	2026-04-16T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30818
published_at	2026-04-04T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30635
published_at	2026-04-07T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30693
published_at	2026-04-08T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30725
published_at	2026-04-09T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30729
published_at	2026-04-11T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30683
published_at	2026-04-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30639
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32004

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2038134

reference_id

2038134

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:19:44Z/

url

https://hackerone.com/reports/2038134

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2230951
reference_id	2230951
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2230951

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/

reference_id

JQPELKG2LVTADSB7ME73AV4DXQK47PWK

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:19:44Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/

reference_url

https://security.netapp.com/advisory/ntap-20230915-0009/

reference_id

ntap-20230915-0009

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:19:44Z/

url

https://security.netapp.com/advisory/ntap-20230915-0009/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/

reference_id

PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:19:44Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-32004

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg1f-5nhq-m7ea

url VCID-rhxy-h93e-y3d4

vulnerability_id VCID-rhxy-h93e-y3d4

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7167

reference_id

reference_type

scores

value	0.00756
scoring_system	epss
scoring_elements	0.73298
published_at	2026-04-16T12:55:00Z

value	0.00756
scoring_system	epss
scoring_elements	0.73283
published_at	2026-04-11T12:55:00Z

value	0.00756
scoring_system	epss
scoring_elements	0.73262
published_at	2026-04-12T12:55:00Z

value	0.00756
scoring_system	epss
scoring_elements	0.73255
published_at	2026-04-13T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74244
published_at	2026-04-07T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74271
published_at	2026-04-04T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74277
published_at	2026-04-08T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74292
published_at	2026-04-09T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74239
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

reference_url	https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202003-48

reference_url	http://www.securityfocus.com/bid/106363
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1591006
reference_id	1591006
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1591006

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7167

reference_id

CVE-2018-7167

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7167

reference_url	https://access.redhat.com/errata/RHSA-2018:2949
reference_id	RHSA-2018:2949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2949

reference_url	https://usn.ubuntu.com/USN-4796-1/
reference_id	USN-USN-4796-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4796-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-7167

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhxy-h93e-y3d4

url VCID-s1a4-9r1m-8uaw

vulnerability_id VCID-s1a4-9r1m-8uaw

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39332.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39332.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39332

reference_id

reference_type

scores

value	0.0057
scoring_system	epss
scoring_elements	0.68556
published_at	2026-04-02T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68643
published_at	2026-04-16T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68604
published_at	2026-04-13T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68621
published_at	2026-04-09T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68646
published_at	2026-04-11T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68634
published_at	2026-04-12T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68575
published_at	2026-04-04T12:55:00Z

value	0.0057
scoring_system	epss
scoring_elements	0.68553
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39332

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2199818

reference_id

2199818

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-13T14:54:41Z/

url

https://hackerone.com/reports/2199818

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2244414
reference_id	2244414
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2244414

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

reference_id

3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-13T14:54:41Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20231116-0009/

reference_id

ntap-20231116-0009

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-13T14:54:41Z/

url

https://security.netapp.com/advisory/ntap-20231116-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:7205
reference_id	RHSA-2023:7205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7205

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-39332

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1a4-9r1m-8uaw

url VCID-srpj-seee-xyhm

vulnerability_id VCID-srpj-seee-xyhm

summary

Multiple vulnerabilities have been found in the Chromium web
    browser, the worst of which allows remote attackers to execute arbitrary
    code.

references

reference_url	http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
reference_id
reference_type
scores
url	http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6764.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6764.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-6764

reference_id

reference_type

scores

value	0.13882
scoring_system	epss
scoring_elements	0.94319
published_at	2026-04-16T12:55:00Z

value	0.13882
scoring_system	epss
scoring_elements	0.94304
published_at	2026-04-13T12:55:00Z

value	0.13882
scoring_system	epss
scoring_elements	0.94263
published_at	2026-04-01T12:55:00Z

value	0.13882
scoring_system	epss
scoring_elements	0.94272
published_at	2026-04-02T12:55:00Z

value	0.13882
scoring_system	epss
scoring_elements	0.94283
published_at	2026-04-04T12:55:00Z

value	0.13882
scoring_system	epss
scoring_elements	0.94284
published_at	2026-04-07T12:55:00Z

value	0.13882
scoring_system	epss
scoring_elements	0.94294
published_at	2026-04-08T12:55:00Z

value	0.13882
scoring_system	epss
scoring_elements	0.94298
published_at	2026-04-09T12:55:00Z

value	0.13882
scoring_system	epss
scoring_elements	0.94302
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-6764

reference_url	https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc
reference_id
reference_type
scores
url	https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc

reference_url	https://code.google.com/p/chromium/issues/detail?id=554946
reference_id
reference_type
scores
url	https://code.google.com/p/chromium/issues/detail?id=554946

reference_url	https://codereview.chromium.org/1440223002
reference_id
reference_type
scores
url	https://codereview.chromium.org/1440223002

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786

reference_url	http://www.debian.org/security/2015/dsa-3415
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3415

reference_url	http://www.securityfocus.com/bid/78209
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/78209

reference_url	http://www.securitytracker.com/id/1034298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1285774
reference_id	1285774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1285774

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385
reference_id	806385
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
reference_id	cpe:2.3:a:google:chrome::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-6764

reference_id

CVE-2015-6764

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2015-6764

reference_url	https://security.gentoo.org/glsa/201603-09
reference_id	GLSA-201603-09
reference_type
scores
url	https://security.gentoo.org/glsa/201603-09

reference_url	https://access.redhat.com/errata/RHSA-2015:2545
reference_id	RHSA-2015:2545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2545

fixed_packages

url	pkg:deb/debian/nodejs@4.2.3~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@4.2.3~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.2.3~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2015-6764

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-srpj-seee-xyhm

url VCID-sthj-jvke-tyg7

vulnerability_id VCID-sthj-jvke-tyg7

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30584.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30584.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30584

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01882
published_at	2026-04-02T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01855
published_at	2026-04-16T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01879
published_at	2026-04-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01874
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01895
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01894
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01897
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0191
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30584

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219829
reference_id	2219829
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219829

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

reference_id

june-2023-security-releases

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T18:33:59Z/

url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30584

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sthj-jvke-tyg7

url VCID-tnhd-rr89-9udh

vulnerability_id VCID-tnhd-rr89-9udh

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
The parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22960

reference_id

reference_type

scores

value	0.00229
scoring_system	epss
scoring_elements	0.45642
published_at	2026-04-01T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45779
published_at	2026-04-16T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45751
published_at	2026-04-11T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45721
published_at	2026-04-12T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45709
published_at	2026-04-02T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45729
published_at	2026-04-13T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45677
published_at	2026-04-07T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45733
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1238099
reference_id
reference_type
scores
url	https://hackerone.com/reports/1238099

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2014059
reference_id	2014059
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2014059

reference_url	https://security.archlinux.org/ASA-202110-4
reference_id	ASA-202110-4
reference_type
scores
url	https://security.archlinux.org/ASA-202110-4

reference_url

reference_id

AVG-2460

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32223

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-22960
reference_id	CVE-2021-22960
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-22960

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

fixed_packages

url	pkg:deb/debian/nodejs@12.22.7~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.7~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.7~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2021-22960

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnhd-rr89-9udh

url VCID-tpck-fwrj-ruaq

vulnerability_id VCID-tpck-fwrj-ruaq

summary Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

references

reference_url

reference_id

reference_type

scores

value	0.06141
scoring_system	epss
scoring_elements	0.90837
published_at	2026-04-16T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90772
published_at	2026-04-02T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90783
published_at	2026-04-04T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90793
published_at	2026-04-07T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90804
published_at	2026-04-08T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90811
published_at	2026-04-09T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90819
published_at	2026-04-11T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.9082
published_at	2026-04-12T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90818
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32223

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-32223

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpck-fwrj-ruaq

url VCID-tqg7-dw5d-z3et

vulnerability_id VCID-tqg7-dw5d-z3et

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12115

reference_id

reference_type

scores

value	0.00797
scoring_system	epss
scoring_elements	0.73956
published_at	2026-04-01T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73963
published_at	2026-04-02T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73988
published_at	2026-04-04T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73959
published_at	2026-04-07T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73993
published_at	2026-04-08T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74007
published_at	2026-04-09T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74029
published_at	2026-04-11T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74011
published_at	2026-04-12T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74004
published_at	2026-04-13T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74043
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1620219
reference_id	1620219
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1620219

reference_url	https://access.redhat.com/errata/RHSA-2018:2552
reference_id	RHSA-2018:2552
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2552

reference_url	https://access.redhat.com/errata/RHSA-2018:2553
reference_id	RHSA-2018:2553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2553

reference_url	https://access.redhat.com/errata/RHSA-2018:2944
reference_id	RHSA-2018:2944
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2944

reference_url	https://access.redhat.com/errata/RHSA-2018:2949
reference_id	RHSA-2018:2949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2949

reference_url	https://usn.ubuntu.com/USN-4796-1/
reference_id	USN-USN-4796-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4796-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-12115

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tqg7-dw5d-z3et

url VCID-u8pe-48f4-abc9

vulnerability_id VCID-u8pe-48f4-abc9

summary

Authentication Bypass by Spoofing
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7160

reference_id

reference_type

scores

value	0.01501
scoring_system	epss
scoring_elements	0.81177
published_at	2026-04-16T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81075
published_at	2026-04-01T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81084
published_at	2026-04-02T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81109
published_at	2026-04-04T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81108
published_at	2026-04-07T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81136
published_at	2026-04-08T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81142
published_at	2026-04-09T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.8116
published_at	2026-04-11T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81147
published_at	2026-04-12T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.8114
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9

reference_url

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases

reference_url	https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

reference_url	https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS
reference_id
reference_type
scores
url	https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS

reference_url

https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1561979
reference_id	1561979
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1561979

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7160

reference_id

CVE-2018-7160

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7160

reference_url

https://github.com/advisories/GHSA-wq4c-wm6x-jw44

reference_id

GHSA-wq4c-wm6x-jw44

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wq4c-wm6x-jw44

reference_url	https://access.redhat.com/errata/RHSA-2018:2949
reference_id	RHSA-2018:2949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2949

reference_url	https://usn.ubuntu.com/USN-4796-1/
reference_id	USN-USN-4796-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4796-1/

fixed_packages

url	pkg:deb/debian/nodejs@8.11.1~dfsg-2?distro=trixie
purl	pkg:deb/debian/nodejs@8.11.1~dfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@8.11.1~dfsg-2%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-7160, GHSA-wq4c-wm6x-jw44

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8pe-48f4-abc9

url VCID-ueyx-hwjr-fuhq

vulnerability_id VCID-ueyx-hwjr-fuhq

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30583.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30583.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30583

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.05743
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05769
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05812
published_at	2026-04-12T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05805
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05784
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05778
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05818
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05843
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05821
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30583

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219833
reference_id	2219833
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219833

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

reference_id

june-2023-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:28:41Z/

url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30583

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ueyx-hwjr-fuhq

url VCID-uftn-4gjb-dqe6

vulnerability_id VCID-uftn-4gjb-dqe6

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32003.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32003.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32003

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19891
published_at	2026-04-02T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19683
published_at	2026-04-16T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19947
published_at	2026-04-04T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19674
published_at	2026-04-07T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19754
published_at	2026-04-08T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19805
published_at	2026-04-09T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.1981
published_at	2026-04-11T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19765
published_at	2026-04-12T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19708
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32003

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2037887

reference_id

2037887

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:15:53Z/

url

https://hackerone.com/reports/2037887

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2230959
reference_id	2230959
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2230959

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/

reference_id

JQPELKG2LVTADSB7ME73AV4DXQK47PWK

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:15:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/

reference_url

https://security.netapp.com/advisory/ntap-20230915-0009/

reference_id

ntap-20230915-0009

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:15:53Z/

url

https://security.netapp.com/advisory/ntap-20230915-0009/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/

reference_id

PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:15:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-32003

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uftn-4gjb-dqe6

url VCID-us11-vy4j-pfd2

vulnerability_id VCID-us11-vy4j-pfd2

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html

reference_url	https://access.redhat.com/errata/RHSA-2019:1821
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1821

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5737

reference_id

reference_type

scores

value	0.26351
scoring_system	epss
scoring_elements	0.96272
published_at	2026-04-01T12:55:00Z

value	0.26351
scoring_system	epss
scoring_elements	0.96319
published_at	2026-04-16T12:55:00Z

value	0.26351
scoring_system	epss
scoring_elements	0.96303
published_at	2026-04-09T12:55:00Z

value	0.26351
scoring_system	epss
scoring_elements	0.96307
published_at	2026-04-12T12:55:00Z

value	0.26351
scoring_system	epss
scoring_elements	0.9631
published_at	2026-04-13T12:55:00Z

value	0.26351
scoring_system	epss
scoring_elements	0.96279
published_at	2026-04-02T12:55:00Z

value	0.26351
scoring_system	epss
scoring_elements	0.96287
published_at	2026-04-04T12:55:00Z

value	0.26351
scoring_system	epss
scoring_elements	0.96291
published_at	2026-04-07T12:55:00Z

value	0.26351
scoring_system	epss
scoring_elements	0.963
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5737

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/

reference_url	https://security.gentoo.org/glsa/202003-48
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202003-48

reference_url	https://security.netapp.com/advisory/ntap-20190502-0008/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190502-0008/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1690808
reference_id	1690808
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1690808

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5737

reference_id

CVE-2019-5737

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5737

reference_url	https://usn.ubuntu.com/USN-4796-1/
reference_id	USN-USN-4796-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4796-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.15.2~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.2~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.2~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2019-5737

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-us11-vy4j-pfd2

url VCID-usab-z8q8-7qd8

vulnerability_id VCID-usab-z8q8-7qd8

summary nodejs: path module regular expression denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7158

reference_id

reference_type

scores

value	0.01264
scoring_system	epss
scoring_elements	0.79394
published_at	2026-04-01T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79474
published_at	2026-04-16T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.7947
published_at	2026-04-11T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79454
published_at	2026-04-12T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79443
published_at	2026-04-13T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79401
published_at	2026-04-02T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79424
published_at	2026-04-04T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79411
published_at	2026-04-07T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79438
published_at	2026-04-08T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79447
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1561980
reference_id	1561980
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1561980

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_id	cpe:2.3:a:nodejs:node.js:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7158

reference_id

CVE-2018-7158

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7158

fixed_packages

url	pkg:deb/debian/nodejs@6.0.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@6.0.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@6.0.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-7158

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-usab-z8q8-7qd8

url VCID-v3uy-dqn9-qye5

vulnerability_id VCID-v3uy-dqn9-qye5

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32222.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32222.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32222

reference_id

reference_type

scores

value	0.0062
scoring_system	epss
scoring_elements	0.69973
published_at	2026-04-02T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69987
published_at	2026-04-04T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69964
published_at	2026-04-07T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70012
published_at	2026-04-08T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70028
published_at	2026-04-09T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70051
published_at	2026-04-11T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70036
published_at	2026-04-12T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70023
published_at	2026-04-13T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70066
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32222

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105424
reference_id	2105424
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105424

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-32222

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3uy-dqn9-qye5

url VCID-vhg4-51cg-ebaa

vulnerability_id VCID-vhg4-51cg-ebaa

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21891.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21891.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21891

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.4653
published_at	2026-04-16T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46443
published_at	2026-04-02T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46463
published_at	2026-04-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46412
published_at	2026-04-07T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46468
published_at	2026-04-09T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46492
published_at	2026-04-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46472
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21891

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2259914

reference_id

2259914

reference_type

scores

value	7.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T17:59:04Z/

url

https://hackerone.com/reports/2259914

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2265720
reference_id	2265720
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2265720

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20240315-0005/

reference_id

ntap-20240315-0005

reference_type

scores

value	7.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T17:59:04Z/

url

https://security.netapp.com/advisory/ntap-20240315-0005/

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-21891

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhg4-51cg-ebaa

url VCID-vkvx-gxbu-3uau

vulnerability_id VCID-vkvx-gxbu-3uau

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22019

reference_id

reference_type

scores

value	0.0038
scoring_system	epss
scoring_elements	0.59524
published_at	2026-04-16T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59475
published_at	2026-04-04T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59442
published_at	2026-04-07T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59493
published_at	2026-04-08T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59506
published_at	2026-04-09T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59525
published_at	2026-04-11T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59509
published_at	2026-04-12T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.5949
published_at	2026-04-13T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.5945
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22019

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055
reference_id	1064055
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055

reference_url

https://hackerone.com/reports/2233486

reference_id

2233486

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/

url

https://hackerone.com/reports/2233486

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2264574
reference_id	2264574
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2264574

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20240315-0004/

reference_id

ntap-20240315-0004

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/

url

https://security.netapp.com/advisory/ntap-20240315-0004/

reference_url	https://access.redhat.com/errata/RHSA-2024:1354
reference_id	RHSA-2024:1354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1354

reference_url	https://access.redhat.com/errata/RHSA-2024:1424
reference_id	RHSA-2024:1424
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1424

reference_url	https://access.redhat.com/errata/RHSA-2024:1438
reference_id	RHSA-2024:1438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1438

reference_url	https://access.redhat.com/errata/RHSA-2024:1444
reference_id	RHSA-2024:1444
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1444

reference_url	https://access.redhat.com/errata/RHSA-2024:1503
reference_id	RHSA-2024:1503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1503

reference_url	https://access.redhat.com/errata/RHSA-2024:1510
reference_id	RHSA-2024:1510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1510

reference_url	https://access.redhat.com/errata/RHSA-2024:1678
reference_id	RHSA-2024:1678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1678

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

reference_url	https://access.redhat.com/errata/RHSA-2024:1880
reference_id	RHSA-2024:1880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1880

reference_url	https://access.redhat.com/errata/RHSA-2024:1932
reference_id	RHSA-2024:1932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1932

reference_url	https://access.redhat.com/errata/RHSA-2024:2651
reference_id	RHSA-2024:2651
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2651

reference_url	https://access.redhat.com/errata/RHSA-2024:2793
reference_id	RHSA-2024:2793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2793

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-22019

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkvx-gxbu-3uau

100

url VCID-w6yn-qt4p-vudt

vulnerability_id VCID-w6yn-qt4p-vudt

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22018.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22018.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22018

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43733
published_at	2026-04-16T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43711
published_at	2026-04-04T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43646
published_at	2026-04-07T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43697
published_at	2026-04-08T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43701
published_at	2026-04-09T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.4372
published_at	2026-04-11T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43689
published_at	2026-04-12T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43672
published_at	2026-04-13T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43687
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22018

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2145862

reference_id

2145862

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:07:56Z/

url

https://hackerone.com/reports/2145862

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2296990
reference_id	2296990
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2296990

reference_url

http://www.openwall.com/lists/oss-security/2024/07/19/3

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:07:56Z/

url

http://www.openwall.com/lists/oss-security/2024/07/19/3

reference_url

http://www.openwall.com/lists/oss-security/2024/07/11/6

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:07:56Z/

url

http://www.openwall.com/lists/oss-security/2024/07/11/6

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url	https://access.redhat.com/errata/RHSA-2024:5814
reference_id	RHSA-2024:5814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5814

reference_url	https://access.redhat.com/errata/RHSA-2024:5815
reference_id	RHSA-2024:5815
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5815

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.15.1%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-22018

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6yn-qt4p-vudt

101

url VCID-wf5t-3pwz-c7d7

vulnerability_id VCID-wf5t-3pwz-c7d7

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23085

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37451
published_at	2026-04-16T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3744
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37452
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37466
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37431
published_at	2026-04-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37404
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38175
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38197
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38068
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134
reference_id	1094134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342618
reference_id	2342618
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342618

reference_url	https://security.gentoo.org/glsa/202506-08
reference_id	GLSA-202506-08
reference_type
scores
url	https://security.gentoo.org/glsa/202506-08

reference_url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_id

january-2025-security-releases

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:50:24Z/

url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:1351
reference_id	RHSA-2025:1351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1351

reference_url	https://access.redhat.com/errata/RHSA-2025:1443
reference_id	RHSA-2025:1443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1443

reference_url	https://access.redhat.com/errata/RHSA-2025:1446
reference_id	RHSA-2025:1446
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1446

reference_url	https://access.redhat.com/errata/RHSA-2025:1582
reference_id	RHSA-2025:1582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1582

reference_url	https://access.redhat.com/errata/RHSA-2025:1611
reference_id	RHSA-2025:1611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1611

reference_url	https://access.redhat.com/errata/RHSA-2025:1613
reference_id	RHSA-2025:1613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1613

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u6?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u6%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.18.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.18.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.18.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-23085

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wf5t-3pwz-c7d7

102

url VCID-wpfq-sq11-fqa9

vulnerability_id VCID-wpfq-sq11-fqa9

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15606

reference_id

reference_type

scores

value	0.01338
scoring_system	epss
scoring_elements	0.79948
published_at	2026-04-01T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.79955
published_at	2026-04-02T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.79976
published_at	2026-04-04T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.79965
published_at	2026-04-07T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.79993
published_at	2026-04-08T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.80002
published_at	2026-04-09T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.80022
published_at	2026-04-11T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.80006
published_at	2026-04-12T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.79998
published_at	2026-04-13T12:55:00Z

value	0.01338
scoring_system	epss
scoring_elements	0.80027
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800366
reference_id	1800366
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800366

reference_url	https://access.redhat.com/errata/RHSA-2020:0598
reference_id	RHSA-2020:0598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0598

reference_url	https://usn.ubuntu.com/6380-1/
reference_id	USN-6380-1
reference_type
scores
url	https://usn.ubuntu.com/6380-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.19.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2019-15606

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wpfq-sq11-fqa9

103

url VCID-wzcw-dd7m-zkaz

vulnerability_id VCID-wzcw-dd7m-zkaz

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32215

reference_id

reference_type

scores

value	0.87391
scoring_system	epss
scoring_elements	0.99459
published_at	2026-04-16T12:55:00Z

value	0.88764
scoring_system	epss
scoring_elements	0.99508
published_at	2026-04-02T12:55:00Z

value	0.88764
scoring_system	epss
scoring_elements	0.9951
published_at	2026-04-04T12:55:00Z

value	0.88764
scoring_system	epss
scoring_elements	0.99511
published_at	2026-04-07T12:55:00Z

value	0.88764
scoring_system	epss
scoring_elements	0.99512
published_at	2026-04-09T12:55:00Z

value	0.88764
scoring_system	epss
scoring_elements	0.99513
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1501679
reference_id
reference_type
scores
url	https://hackerone.com/reports/1501679

reference_url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105426
reference_id	2105426
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105426

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-32215
reference_id	CVE-2022-32215
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-32215

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6389
reference_id	RHSA-2022:6389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6389

reference_url	https://access.redhat.com/errata/RHSA-2022:6448
reference_id	RHSA-2022:6448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6448

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2022:6985
reference_id	RHSA-2022:6985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6985

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.6.0%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-32215

risk_score 10.0

exploitability 2.0

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcw-dd7m-zkaz

104

url VCID-x1an-pjq4-nbby

vulnerability_id VCID-x1an-pjq4-nbby

summary nodejs: Nodejs file permissions bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55130.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55130

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.02953
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02906
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02964
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02941
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02932
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02968
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02976
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02977
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03002
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431352
reference_id	2431352
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431352

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:29Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:1842
reference_id	RHSA-2026:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1842

reference_url	https://access.redhat.com/errata/RHSA-2026:1843
reference_id	RHSA-2026:1843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1843

reference_url	https://access.redhat.com/errata/RHSA-2026:2420
reference_id	RHSA-2026:2420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2420

reference_url	https://access.redhat.com/errata/RHSA-2026:2421
reference_id	RHSA-2026:2421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2421

reference_url	https://access.redhat.com/errata/RHSA-2026:2422
reference_id	RHSA-2026:2422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2422

reference_url	https://access.redhat.com/errata/RHSA-2026:2767
reference_id	RHSA-2026:2767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2767

reference_url	https://access.redhat.com/errata/RHSA-2026:2768
reference_id	RHSA-2026:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2768

reference_url	https://access.redhat.com/errata/RHSA-2026:2781
reference_id	RHSA-2026:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2781

reference_url	https://access.redhat.com/errata/RHSA-2026:2782
reference_id	RHSA-2026:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2782

reference_url	https://access.redhat.com/errata/RHSA-2026:2783
reference_id	RHSA-2026:2783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2783

reference_url	https://access.redhat.com/errata/RHSA-2026:2864
reference_id	RHSA-2026:2864
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2864

reference_url	https://access.redhat.com/errata/RHSA-2026:2899
reference_id	RHSA-2026:2899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2899

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.0%252Bdfsg%252B~cs22.19.6-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-55130

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1an-pjq4-nbby

105

url VCID-xeay-8ec9-4bdd

vulnerability_id VCID-xeay-8ec9-4bdd

summary

Multiple vulnerabilities have been found in NodeJS, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8174

reference_id

reference_type

scores

value	0.01491
scoring_system	epss
scoring_elements	0.80994
published_at	2026-04-01T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81003
published_at	2026-04-02T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81027
published_at	2026-04-04T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81025
published_at	2026-04-07T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81053
published_at	2026-04-08T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.8106
published_at	2026-04-09T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81078
published_at	2026-04-11T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81064
published_at	2026-04-12T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81056
published_at	2026-04-13T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81094
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8174

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1845256
reference_id	1845256
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1845256

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145
reference_id	962145
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145

reference_url	https://access.redhat.com/errata/RHSA-2020:2847
reference_id	RHSA-2020:2847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2847

reference_url	https://access.redhat.com/errata/RHSA-2020:2848
reference_id	RHSA-2020:2848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2848

reference_url	https://access.redhat.com/errata/RHSA-2020:2849
reference_id	RHSA-2020:2849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2849

reference_url	https://access.redhat.com/errata/RHSA-2020:2852
reference_id	RHSA-2020:2852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2852

reference_url	https://access.redhat.com/errata/RHSA-2020:2895
reference_id	RHSA-2020:2895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2895

reference_url	https://access.redhat.com/errata/RHSA-2020:3042
reference_id	RHSA-2020:3042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3042

reference_url	https://access.redhat.com/errata/RHSA-2020:3084
reference_id	RHSA-2020:3084
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3084

reference_url	https://usn.ubuntu.com/6380-1/
reference_id	USN-6380-1
reference_type
scores
url	https://usn.ubuntu.com/6380-1/

fixed_packages

url	pkg:deb/debian/nodejs@10.21.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@10.21.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.21.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2020-8174

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xeay-8ec9-4bdd

106

url VCID-xert-byqc-xbe2

vulnerability_id VCID-xert-byqc-xbe2

summary Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21711.json

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21711.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21711

reference_id

reference_type

scores

value	3e-05
scoring_system	epss
scoring_elements	0.00125
published_at	2026-04-04T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00149
published_at	2026-04-16T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00147
published_at	2026-04-13T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00146
published_at	2026-04-08T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00148
published_at	2026-04-12T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00245
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21711

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453158
reference_id	2453158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453158

reference_url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_id

march-2026-security-releases

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T15:02:57Z/

url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2026-21711

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xert-byqc-xbe2

107

url VCID-xkpz-pb5y-jqcy

vulnerability_id VCID-xkpz-pb5y-jqcy

summary nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23166.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23166.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23166

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53731
published_at	2026-04-16T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53629
published_at	2026-04-07T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.5368
published_at	2026-04-08T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53678
published_at	2026-04-09T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53727
published_at	2026-04-11T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53711
published_at	2026-04-12T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53693
published_at	2026-04-13T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53633
published_at	2026-04-02T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53661
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23166

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832
reference_id	1105832
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2367163
reference_id	2367163
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2367163

reference_url	https://security.archlinux.org/ASA-202505-6
reference_id	ASA-202505-6
reference_type
scores
url	https://security.archlinux.org/ASA-202505-6

reference_url	https://security.archlinux.org/ASA-202505-7
reference_id	ASA-202505-7
reference_type
scores
url	https://security.archlinux.org/ASA-202505-7

reference_url	https://security.archlinux.org/ASA-202505-8
reference_id	ASA-202505-8
reference_type
scores
url	https://security.archlinux.org/ASA-202505-8

reference_url

https://security.archlinux.org/AVG-2871

reference_id

AVG-2871

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2871

reference_url

reference_id

AVG-2872

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2873

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nodejs.org/en/blog/vulnerability/may-2025-security-releases

reference_url

reference_id

may-2025-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T14:11:17Z/

url

https://nodejs.org/en/blog/vulnerability/may-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:8467
reference_id	RHSA-2025:8467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8467

reference_url	https://access.redhat.com/errata/RHSA-2025:8468
reference_id	RHSA-2025:8468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8468

reference_url	https://access.redhat.com/errata/RHSA-2025:8493
reference_id	RHSA-2025:8493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8493

reference_url	https://access.redhat.com/errata/RHSA-2025:8506
reference_id	RHSA-2025:8506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8506

reference_url	https://access.redhat.com/errata/RHSA-2025:8514
reference_id	RHSA-2025:8514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8514

reference_url	https://access.redhat.com/errata/RHSA-2025:8902
reference_id	RHSA-2025:8902
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8902

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-23166

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkpz-pb5y-jqcy

108

url VCID-xnzh-wpd4-63f9

vulnerability_id VCID-xnzh-wpd4-63f9

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35255

reference_id

reference_type

scores

value	0.01191
scoring_system	epss
scoring_elements	0.78851
published_at	2026-04-12T12:55:00Z

value	0.01191
scoring_system	epss
scoring_elements	0.78841
published_at	2026-04-13T12:55:00Z

value	0.01191
scoring_system	epss
scoring_elements	0.78829
published_at	2026-04-04T12:55:00Z

value	0.01191
scoring_system	epss
scoring_elements	0.78812
published_at	2026-04-07T12:55:00Z

value	0.01191
scoring_system	epss
scoring_elements	0.78838
published_at	2026-04-08T12:55:00Z

value	0.01191
scoring_system	epss
scoring_elements	0.78844
published_at	2026-04-09T12:55:00Z

value	0.01191
scoring_system	epss
scoring_elements	0.78868
published_at	2026-04-11T12:55:00Z

value	0.01191
scoring_system	epss
scoring_elements	0.788
published_at	2026-04-02T12:55:00Z

value	0.01191
scoring_system	epss
scoring_elements	0.78869
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1690000

reference_id

1690000

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/

url

https://hackerone.com/reports/1690000

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2130517
reference_id	2130517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2130517

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://security.netapp.com/advisory/ntap-20230113-0002/

reference_id

ntap-20230113-0002

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/

url

https://security.netapp.com/advisory/ntap-20230113-0002/

reference_url	https://access.redhat.com/errata/RHSA-2022:6963
reference_id	RHSA-2022:6963
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6963

reference_url	https://access.redhat.com/errata/RHSA-2022:6964
reference_id	RHSA-2022:6964
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6964

reference_url	https://access.redhat.com/errata/RHSA-2022:7821
reference_id	RHSA-2022:7821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7821

fixed_packages

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.10.0%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@18.10.0%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.10.0%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2022-35255

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnzh-wpd4-63f9

109

url VCID-xq3f-g8n8-tffp

vulnerability_id VCID-xq3f-g8n8-tffp

summary The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9748

reference_id

reference_type

scores

value	0.0048
scoring_system	epss
scoring_elements	0.64993
published_at	2026-04-01T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65043
published_at	2026-04-02T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65069
published_at	2026-04-04T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65031
published_at	2026-04-07T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65081
published_at	2026-04-08T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65094
published_at	2026-04-09T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65113
published_at	2026-04-11T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65103
published_at	2026-04-12T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65075
published_at	2026-04-13T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65111
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9748

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9748
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9748

fixed_packages

url	pkg:deb/debian/nodejs@4.0.0~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@4.0.0~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.0.0~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2014-9748

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xq3f-g8n8-tffp

110

url VCID-xva8-adbf-87h3

vulnerability_id VCID-xva8-adbf-87h3

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22017.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22017.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22017

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.70418
published_at	2026-04-02T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70435
published_at	2026-04-04T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75311
published_at	2026-04-09T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75299
published_at	2026-04-13T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.7531
published_at	2026-04-12T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75332
published_at	2026-04-11T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75257
published_at	2026-04-07T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.753
published_at	2026-04-08T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75338
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2170226

reference_id

2170226

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-07T04:00:22Z/

url

https://hackerone.com/reports/2170226

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2265727
reference_id	2265727
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2265727

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20240517-0007/

reference_id

ntap-20240517-0007

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-07T04:00:22Z/

url

https://security.netapp.com/advisory/ntap-20240517-0007/

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-22017

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xva8-adbf-87h3

111

url VCID-ydzj-e97m-k3cp

vulnerability_id VCID-ydzj-e97m-k3cp

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23083.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23083.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23083

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28663
published_at	2026-04-02T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28548
published_at	2026-04-16T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28621
published_at	2026-04-11T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28578
published_at	2026-04-12T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28529
published_at	2026-04-13T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28709
published_at	2026-04-04T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28514
published_at	2026-04-07T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28579
published_at	2026-04-08T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28619
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23083

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134
reference_id	1094134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2339392
reference_id	2339392
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2339392

reference_url	https://security.gentoo.org/glsa/202506-08
reference_id	GLSA-202506-08
reference_type
scores
url	https://security.gentoo.org/glsa/202506-08

reference_url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_id

january-2025-security-releases

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T04:55:27Z/

url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:1351
reference_id	RHSA-2025:1351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1351

reference_url	https://access.redhat.com/errata/RHSA-2025:1443
reference_id	RHSA-2025:1443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1443

reference_url	https://access.redhat.com/errata/RHSA-2025:1522
reference_id	RHSA-2025:1522
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1522

reference_url	https://access.redhat.com/errata/RHSA-2025:1611
reference_id	RHSA-2025:1611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1611

reference_url	https://access.redhat.com/errata/RHSA-2025:1613
reference_id	RHSA-2025:1613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1613

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.18.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.18.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.18.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-23083

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydzj-e97m-k3cp

112

url VCID-yxvf-4pb4-d7ec

vulnerability_id VCID-yxvf-4pb4-d7ec

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39333.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39333.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39333

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26407
published_at	2026-04-02T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26249
published_at	2026-04-16T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26348
published_at	2026-04-11T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26302
published_at	2026-04-12T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26243
published_at	2026-04-13T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.2645
published_at	2026-04-04T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26224
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26292
published_at	2026-04-08T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26339
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39333

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892
reference_id	1054892
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2244418
reference_id	2244418
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2244418

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

reference_id

october-2023-security-releases

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:03:18Z/

url

https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2023:5849
reference_id	RHSA-2023:5849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5849

reference_url	https://access.redhat.com/errata/RHSA-2023:5869
reference_id	RHSA-2023:5869
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5869

reference_url	https://access.redhat.com/errata/RHSA-2023:7205
reference_id	RHSA-2023:7205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7205

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
purl	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-39333

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yxvf-4pb4-d7ec

113

url VCID-yz6h-h3bb-27ee

vulnerability_id VCID-yz6h-h3bb-27ee

summary Node.js: Fail to Escape Arguments Properly in Microsoft Windows

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27980.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27980.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27980

reference_id

reference_type

scores

value	0.00272
scoring_system	epss
scoring_elements	0.50561
published_at	2026-04-07T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50659
published_at	2026-04-16T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50618
published_at	2026-04-13T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50632
published_at	2026-04-12T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50654
published_at	2026-04-11T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50612
published_at	2026-04-09T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50615
published_at	2026-04-08T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.5058
published_at	2026-04-02T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50607
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27980

reference_url

http://www.openwall.com/lists/oss-security/2024/04/10/15

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/

url

http://www.openwall.com/lists/oss-security/2024/04/10/15

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270693
reference_id	2270693
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270693

reference_url

http://www.openwall.com/lists/oss-security/2024/07/19/3

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/

url

http://www.openwall.com/lists/oss-security/2024/07/19/3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/

reference_id

5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/

reference_url

http://www.openwall.com/lists/oss-security/2024/07/11/6

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/

url

http://www.openwall.com/lists/oss-security/2024/07/11/6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/

reference_id

JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2024-27980

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6h-h3bb-27ee

114

url VCID-z3gm-8afk-q7dv

vulnerability_id VCID-z3gm-8afk-q7dv

summary V8: Memory Corruption and Stack Overflow

references

reference_url	http://advisories.mageia.org/MGASA-2014-0516.html
reference_id
reference_type
scores
url	http://advisories.mageia.org/MGASA-2014-0516.html

reference_url	http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/
reference_id
reference_type
scores
url	http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5256.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5256.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-5256

reference_id

reference_type

scores

value	0.01263
scoring_system	epss
scoring_elements	0.79467
published_at	2026-04-16T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79388
published_at	2026-04-01T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79395
published_at	2026-04-02T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79417
published_at	2026-04-04T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79404
published_at	2026-04-07T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79432
published_at	2026-04-08T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79441
published_at	2026-04-09T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79464
published_at	2026-04-11T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79447
published_at	2026-04-12T12:55:00Z

value	0.01263
scoring_system	epss
scoring_elements	0.79437
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5256

reference_url	http://secunia.com/advisories/61260
reference_id
reference_type
scores
url	http://secunia.com/advisories/61260

reference_url	https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356
reference_id
reference_type
scores
url	https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356

reference_url	http://www-01.ibm.com/support/docview.wss?uid=swg21684769
reference_id
reference_type
scores
url	http://www-01.ibm.com/support/docview.wss?uid=swg21684769

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2015:142
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2015:142

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1125464
reference_id	1125464
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1125464

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760385
reference_id	760385
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760385

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.0:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.1:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.10:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.11:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.12:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.13:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.14:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.15:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.16:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.17:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.18:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.19:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.2:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.20:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.21:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.22:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.23:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.24:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.25:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.26:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.27:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.28:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.29:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.3:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.4:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.5:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.6:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.7:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.8:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.9:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.10.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.0:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.1:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.10:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.11:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.12:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.13:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.14:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.15:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.16:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.17:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.18:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.19:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.2:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.20:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.21:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.22:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.23:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.24:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.25:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.26:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.27:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.3:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.4:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.5:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.6:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.7:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.8:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.9:::::::*
reference_id	cpe:2.3:a:nodejs:nodejs:0.8.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.9:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-5256

reference_id

CVE-2014-5256

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5256

reference_url	https://access.redhat.com/errata/RHSA-2014:1744
reference_id	RHSA-2014:1744
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1744

fixed_packages

url	pkg:deb/debian/nodejs@0.10.38~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@0.10.38~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0.10.38~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2014-5256

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3gm-8afk-q7dv

115

url VCID-zckz-447u-gueb

vulnerability_id VCID-zckz-447u-gueb

summary

Multiple vulnerabilities have been found in NodeJS, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8172.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8172.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8172

reference_id

reference_type

scores

value	0.01183
scoring_system	epss
scoring_elements	0.78718
published_at	2026-04-01T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78725
published_at	2026-04-02T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78757
published_at	2026-04-04T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78739
published_at	2026-04-07T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78764
published_at	2026-04-08T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78771
published_at	2026-04-09T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78795
published_at	2026-04-11T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78778
published_at	2026-04-12T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78769
published_at	2026-04-13T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.78798
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8172

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1845247
reference_id	1845247
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1845247

reference_url	https://access.redhat.com/errata/RHSA-2020:2847
reference_id	RHSA-2020:2847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2847

reference_url	https://access.redhat.com/errata/RHSA-2020:2852
reference_id	RHSA-2020:2852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2852

reference_url	https://access.redhat.com/errata/RHSA-2020:2895
reference_id	RHSA-2020:2895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2895

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2020-8172

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zckz-447u-gueb

116

url VCID-zj4d-e8r7-ufg3

vulnerability_id VCID-zj4d-e8r7-ufg3

summary

Multiple vulnerabilities have been found in NodeJS, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8287

reference_id

reference_type

scores

value	0.11865
scoring_system	epss
scoring_elements	0.93694
published_at	2026-04-01T12:55:00Z

value	0.11865
scoring_system	epss
scoring_elements	0.9375
published_at	2026-04-16T12:55:00Z

value	0.11865
scoring_system	epss
scoring_elements	0.93727
published_at	2026-04-09T12:55:00Z

value	0.11865
scoring_system	epss
scoring_elements	0.93732
published_at	2026-04-13T12:55:00Z

value	0.11865
scoring_system	epss
scoring_elements	0.93704
published_at	2026-04-02T12:55:00Z

value	0.11865
scoring_system	epss
scoring_elements	0.93714
published_at	2026-04-04T12:55:00Z

value	0.11865
scoring_system	epss
scoring_elements	0.93717
published_at	2026-04-07T12:55:00Z

value	0.11865
scoring_system	epss
scoring_elements	0.93726
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8287

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690
reference_id	1016690
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1912863
reference_id	1912863
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1912863

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364
reference_id	979364
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364

reference_url	https://security.archlinux.org/ASA-202101-16
reference_id	ASA-202101-16
reference_type
scores
url	https://security.archlinux.org/ASA-202101-16

reference_url

reference_id

AVG-1400

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23165.json

reference_url	https://access.redhat.com/errata/RHSA-2021:0421
reference_id	RHSA-2021:0421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0421

reference_url	https://access.redhat.com/errata/RHSA-2021:0485
reference_id	RHSA-2021:0485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0485

reference_url	https://access.redhat.com/errata/RHSA-2021:0521
reference_id	RHSA-2021:0521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0521

reference_url	https://access.redhat.com/errata/RHSA-2021:0548
reference_id	RHSA-2021:0548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0548

reference_url	https://access.redhat.com/errata/RHSA-2021:0549
reference_id	RHSA-2021:0549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0549

reference_url	https://access.redhat.com/errata/RHSA-2021:0551
reference_id	RHSA-2021:0551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0551

reference_url	https://usn.ubuntu.com/5563-1/
reference_id	USN-5563-1
reference_type
scores
url	https://usn.ubuntu.com/5563-1/

reference_url	https://usn.ubuntu.com/6380-1/
reference_id	USN-6380-1
reference_type
scores
url	https://usn.ubuntu.com/6380-1/

fixed_packages

url	pkg:deb/debian/nodejs@12.20.1~dfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@12.20.1~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.20.1~dfsg-1%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2020-8287

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj4d-e8r7-ufg3

117

url VCID-znta-r3v4-hyg1

vulnerability_id VCID-znta-r3v4-hyg1

summary nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS

references

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23165.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23165

reference_id

reference_type

scores

value	0.00356
scoring_system	epss
scoring_elements	0.57943
published_at	2026-04-16T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.57938
published_at	2026-04-08T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.57939
published_at	2026-04-09T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.57956
published_at	2026-04-11T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.57933
published_at	2026-04-12T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.57913
published_at	2026-04-13T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.57888
published_at	2026-04-02T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.57907
published_at	2026-04-04T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.57883
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23165

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832
reference_id	1105832
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2367162
reference_id	2367162
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2367162

reference_url	https://security.archlinux.org/ASA-202505-7
reference_id	ASA-202505-7
reference_type
scores
url	https://security.archlinux.org/ASA-202505-7

reference_url	https://security.archlinux.org/ASA-202505-8
reference_id	ASA-202505-8
reference_type
scores
url	https://security.archlinux.org/ASA-202505-8

reference_url

reference_id

AVG-2872

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2873

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nodejs.org/en/blog/vulnerability/may-2025-security-releases

reference_url

reference_id

may-2025-security-releases

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T13:55:12Z/

url

https://nodejs.org/en/blog/vulnerability/may-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:8467
reference_id	RHSA-2025:8467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8467

reference_url	https://access.redhat.com/errata/RHSA-2025:8468
reference_id	RHSA-2025:8468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8468

reference_url	https://access.redhat.com/errata/RHSA-2025:8493
reference_id	RHSA-2025:8493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8493

reference_url	https://access.redhat.com/errata/RHSA-2025:8506
reference_id	RHSA-2025:8506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8506

reference_url	https://access.redhat.com/errata/RHSA-2025:8514
reference_id	RHSA-2025:8514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8514

fixed_packages

url	pkg:deb/debian/nodejs@0?distro=trixie
purl	pkg:deb/debian/nodejs@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2025-23165

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znta-r3v4-hyg1

118

url VCID-zrbm-htvv-eke9

vulnerability_id VCID-zrbm-htvv-eke9

summary

Multiple vulnerabilities have been found in Node.js, worst of which
    could allow remote attackers to write arbitrary files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12121

reference_id

reference_type

scores

value	0.06647
scoring_system	epss
scoring_elements	0.91228
published_at	2026-04-16T12:55:00Z

value	0.08466
scoring_system	epss
scoring_elements	0.92321
published_at	2026-04-01T12:55:00Z

value	0.08466
scoring_system	epss
scoring_elements	0.92328
published_at	2026-04-02T12:55:00Z

value	0.08466
scoring_system	epss
scoring_elements	0.92334
published_at	2026-04-04T12:55:00Z

value	0.08466
scoring_system	epss
scoring_elements	0.92338
published_at	2026-04-07T12:55:00Z

value	0.08466
scoring_system	epss
scoring_elements	0.92349
published_at	2026-04-08T12:55:00Z

value	0.08466
scoring_system	epss
scoring_elements	0.92354
published_at	2026-04-09T12:55:00Z

value	0.08466
scoring_system	epss
scoring_elements	0.92359
published_at	2026-04-13T12:55:00Z

value	0.08466
scoring_system	epss
scoring_elements	0.92361
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12121

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1661002
reference_id	1661002
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1661002

reference_url	https://access.redhat.com/errata/RHSA-2019:2258
reference_id	RHSA-2019:2258
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2258

reference_url	https://access.redhat.com/errata/RHSA-2019:3497
reference_id	RHSA-2019:3497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3497

fixed_packages

url	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
purl	pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2018-12121

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrbm-htvv-eke9

119

url VCID-zstw-3wmu-u3c8

vulnerability_id VCID-zstw-3wmu-u3c8

summary

llhttp vulnerable to HTTP request smuggling
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30589

reference_id

reference_type

scores

value	0.01916
scoring_system	epss
scoring_elements	0.83348
published_at	2026-04-16T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83313
published_at	2026-04-13T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83323
published_at	2026-04-11T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83317
published_at	2026-04-12T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83261
published_at	2026-04-02T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83276
published_at	2026-04-04T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83275
published_at	2026-04-07T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83299
published_at	2026-04-08T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83308
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30589

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nodejs/llhttp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/llhttp

reference_url

https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1

reference_url

https://hackerone.com/reports/2001873

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/2001873

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76

reference_url

https://security.netapp.com/advisory/ntap-20230803-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230803-0009

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990
reference_id	1039990
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219841
reference_id	2219841
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219841

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-30589

reference_id

CVE-2023-30589

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-30589

reference_url

https://github.com/advisories/GHSA-cggh-pq45-6h9x

reference_id

GHSA-cggh-pq45-6h9x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cggh-pq45-6h9x

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2023:4330
reference_id	RHSA-2023:4330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4330

reference_url	https://access.redhat.com/errata/RHSA-2023:4331
reference_id	RHSA-2023:4331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4331

reference_url	https://access.redhat.com/errata/RHSA-2023:4536
reference_id	RHSA-2023:4536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4536

reference_url	https://access.redhat.com/errata/RHSA-2023:4537
reference_id	RHSA-2023:4537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4537

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6735-1/
reference_id	USN-6735-1
reference_type
scores
url	https://usn.ubuntu.com/6735-1/

fixed_packages

url pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

purl pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-38k9-23j3-eqh7

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-kj75-vmwa-gqgq

vulnerability	VCID-sag8-repb-g3f4

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-x1an-pjq4-nbby

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie

url	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
purl	pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
purl	pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
purl	pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie

url	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
purl	pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie

aliases CVE-2023-30589, GHSA-cggh-pq45-6h9x

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zstw-3wmu-u3c8

120

url VCID-ztt4-vnk7-7ycq

vulnerability_id VCID-ztt4-vnk7-7ycq

summary

Multiple vulnerabilities have been found in NodeJS, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8265

reference_id

reference_type

scores

value	0.00755
scoring_system	epss
scoring_elements	0.73197
published_at	2026-04-01T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73291
published_at	2026-04-16T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73255
published_at	2026-04-12T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73248
published_at	2026-04-13T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73207
published_at	2026-04-02T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73228
published_at	2026-04-04T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73201
published_at	2026-04-07T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73238
published_at	2026-04-08T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73251
published_at	2026-04-09T12:55:00Z

value	0.00755
scoring_system	epss
scoring_elements	0.73276
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8265

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1912854
reference_id	1912854
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1912854

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364
reference_id	979364
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364

reference_url	https://security.archlinux.org/ASA-202101-16
reference_id	ASA-202101-16
reference_type
scores
url	https://security.archlinux.org/ASA-202101-16

reference_url

reference_id

AVG-1400

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url