Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/932799?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "nodejs", "version": "20.19.2+dfsg-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "20.19.2+dfsg-1+deb13u1", "latest_non_vulnerable_version": "22.22.2+dfsg+~cs22.19.15-3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81223?format=api", "vulnerability_id": "VCID-17k5-vadp-4kby", "summary": "nghttp2: overly large SETTINGS frames can lead to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.7299", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72893", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72934", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72948", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72973", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72955", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00741", "scoring_system": "epss", "scoring_elements": "0.72949", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929", "reference_id": "1844929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929" }, { "reference_url": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090", "reference_id": "336a98feb0d56b9ac54e12736b18785c27f75090", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145", "reference_id": "962145", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/", "reference_id": "AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4696", "reference_id": "dsa-4696", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4696" }, { "reference_url": "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394", "reference_id": "f8da73bd042f810f34d19f9eae02b46d870af394", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394" }, { "reference_url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr", "reference_id": "GHSA-q5wr-xfw9-q7xr", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/" } ], "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2523", "reference_id": "RHSA-2020:2523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2524", "reference_id": "RHSA-2020:2524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2755", "reference_id": "RHSA-2020:2755", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2755" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2784", "reference_id": "RHSA-2020:2784", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2784" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2823", "reference_id": "RHSA-2020:2823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2847", "reference_id": "RHSA-2020:2847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2848", "reference_id": "RHSA-2020:2848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2849", "reference_id": "RHSA-2020:2849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2850", "reference_id": "RHSA-2020:2850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2852", "reference_id": "RHSA-2020:2852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2895", "reference_id": "RHSA-2020:2895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3042", "reference_id": "RHSA-2020:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3084", "reference_id": "RHSA-2020:3084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3084" }, { "reference_url": "https://usn.ubuntu.com/6142-1/", "reference_id": "USN-6142-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6142-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932817?format=api", "purl": "pkg:deb/debian/nodejs@10.21.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.21.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-11080" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17k5-vadp-4kby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57383?format=api", "vulnerability_id": "VCID-1bhj-vafz-4ya8", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85943", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02716", "scoring_system": "epss", "scoring_elements": "0.85924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03643", "scoring_system": "epss", "scoring_elements": "0.87866", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90195", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90211", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90217", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90175", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.90178", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0549", "scoring_system": "epss", "scoring_elements": "0.9019", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661005", "reference_id": "1661005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661005" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12122" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bhj-vafz-4ya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34125?format=api", "vulnerability_id": "VCID-1ghj-acr4-tkat", "summary": "Multiple vulnerabilities have been found in Node.js, the worst of\n which can allow remote attackers to cause Denial of Service conditions.", "references": [ { "reference_url": "http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/" }, { "reference_url": "http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf", "reference_id": "", "reference_type": "", "scores": [], "url": "http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html" }, { "reference_url": "http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2216.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82963", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82858", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82909", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82917", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82933", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01835", "scoring_system": "epss", "scoring_elements": "0.82928", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2216" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/83141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/83141" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306203", "reference_id": "1306203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306203" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.11.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.11.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2216", "reference_id": "CVE-2016-2216", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2216" }, { "reference_url": "https://security.gentoo.org/glsa/201612-43", "reference_id": "GLSA-201612-43", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932807?format=api", "purl": "pkg:deb/debian/nodejs@4.3.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.3.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2216" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ghj-acr4-tkat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63920?format=api", "vulnerability_id": "VCID-1vp3-fzdr-yqbm", "summary": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21715", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00177", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00201", "published_at": "2026-04-08T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00202", "published_at": "2026-04-13T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00204", "published_at": "2026-04-16T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00216", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21715" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152", "reference_id": "2453152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932844?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21715" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vp3-fzdr-yqbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63923?format=api", "vulnerability_id": "VCID-2t7c-dju9-pff6", "summary": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21713.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0144", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05546", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05611", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05575", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05613", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05638", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21713" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160", "reference_id": "2453160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases", "reference_id": "march-2026-security-releases", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T19:45:13Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932844?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21713" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2t7c-dju9-pff6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37577?format=api", "vulnerability_id": "VCID-2z1f-7jkw-17av", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60154", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60127", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60134", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60116", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60093", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60063", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347", "reference_id": "1068347", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347" }, { "reference_url": "https://hackerone.com/reports/2237099", "reference_id": "2237099", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-07T18:19:19Z/" } ], "url": "https://hackerone.com/reports/2237099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392", "reference_id": "2275392", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275392" }, { "reference_url": "https://security.archlinux.org/AVG-2852", "reference_id": "AVG-2852", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2852" }, { "reference_url": "https://security.archlinux.org/AVG-2853", "reference_id": "AVG-2853", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2853" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2778", "reference_id": "RHSA-2024:2778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2779", "reference_id": "RHSA-2024:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2780", "reference_id": "RHSA-2024:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2853", "reference_id": "RHSA-2024:2853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2910", "reference_id": "RHSA-2024:2910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3545", "reference_id": "RHSA-2024:3545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4559", "reference_id": "RHSA-2024:4559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4559" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932834?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932837?format=api", "purl": "pkg:deb/debian/nodejs@18.20.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-27982" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2z1f-7jkw-17av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264557?format=api", "vulnerability_id": "VCID-35e4-h5zk-5ffn", "summary": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0709", "scoring_system": "epss", "scoring_elements": "0.91485", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0709", "scoring_system": "epss", "scoring_elements": "0.91546", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0709", "scoring_system": "epss", "scoring_elements": "0.91526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0709", "scoring_system": "epss", "scoring_elements": "0.91524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0709", "scoring_system": "epss", "scoring_elements": "0.91519", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0709", "scoring_system": "epss", "scoring_elements": "0.91513", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0709", "scoring_system": "epss", "scoring_elements": "0.915", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0709", "scoring_system": "epss", "scoring_elements": "0.91492", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3566" }, { "reference_url": "https://kb.cert.org/vuls/id/123335", "reference_id": "123335", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/" } ], "url": "https://kb.cert.org/vuls/id/123335" }, { "reference_url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/", "reference_id": "batbadbut-you-cant-securely-execute-commands-on-windows", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/" } ], "url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2024-1874", "reference_id": "CVERecord?id=CVE-2024-1874", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2024-1874" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2024-22423", "reference_id": "CVERecord?id=CVE-2024-22423", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2024-22423" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2024-24576", "reference_id": "CVERecord?id=CVE-2024-24576", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2024-24576" }, { "reference_url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way", "reference_id": "everyone-quotes-command-line-arguments-the-wrong-way", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-04-15T16:13:02Z/" } ], "url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-3566" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35e4-h5zk-5ffn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62481?format=api", "vulnerability_id": "VCID-38k9-23j3-eqh7", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30581.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30581.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04633", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04643", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04709", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04693", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04676", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04657", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0467", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04704", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04716", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990", "reference_id": "1039990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219824", "reference_id": "2219824", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219824" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "reference_id": "june-2023-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T14:18:07Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4330", "reference_id": "RHSA-2023:4330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4331", "reference_id": "RHSA-2023:4331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4536", "reference_id": "RHSA-2023:4536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4537", "reference_id": "RHSA-2023:4537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30581" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38k9-23j3-eqh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48671?format=api", "vulnerability_id": "VCID-39c4-njbs-pyeq", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8251.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8251.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.89658", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.8966", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.89675", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.89677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.89695", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.897", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.89708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.89706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04991", "scoring_system": "epss", "scoring_elements": "0.89715", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8251" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879314", "reference_id": "1879314", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879314" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8251" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39c4-njbs-pyeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86535?format=api", "vulnerability_id": "VCID-3j17-wsqw-hucs", "summary": "NodeJS: HTTP Pipelining DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4450.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.98608", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.9861", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.98613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.98615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.98617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.98618", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.98621", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.98623", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.68714", "scoring_system": "epss", "scoring_elements": "0.98626", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1021170", "reference_id": "1021170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1021170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1842", "reference_id": "RHSA-2013:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1842" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932800?format=api", "purl": "pkg:deb/debian/nodejs@0.10.21~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0.10.21~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4450" ], "risk_score": 1.2, "exploitability": "2.0", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3j17-wsqw-hucs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85609?format=api", "vulnerability_id": "VCID-3nb1-jud1-rkgk", "summary": "nodejs: `Buffer` to UTF8 `String` conversion DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5380.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69972", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69984", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.7004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70078", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5380" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1239332", "reference_id": "1239332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1239332" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5380" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nb1-jud1-rkgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83813?format=api", "vulnerability_id": "VCID-3v19-cq1w-y3cz", "summary": "nodejs: Vulnerable to CVE-2017-3737 due to embedded OpenSSL", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15896.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37066", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37072", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37081", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40181", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40086", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40235", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15896" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525106", "reference_id": "1525106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525106" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896", "reference_id": "CVE-2017-15896", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15896" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3v19-cq1w-y3cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57385?format=api", "vulnerability_id": "VCID-3vdn-6af1-k3g6", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77992", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77975", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77957", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77934", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77917", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77944", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01092", "scoring_system": "epss", "scoring_elements": "0.77948", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/106363", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013", "reference_id": "1591013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161", "reference_id": "CVE-2018-7161", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7161" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-6af1-k3g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64946?format=api", "vulnerability_id": "VCID-43sf-4r41-wugc", "summary": "nodejs: Nodejs filesystem permissions bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55132.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01084", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01068", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0108", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01085", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01096", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55132" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55132", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55132" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338", "reference_id": "2431338", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases", "reference_id": "december-2025-security-releases", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T18:38:44Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1842", "reference_id": "RHSA-2026:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1843", "reference_id": "RHSA-2026:1843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2420", "reference_id": "RHSA-2026:2420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2421", "reference_id": "RHSA-2026:2421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2422", "reference_id": "RHSA-2026:2422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2781", "reference_id": "RHSA-2026:2781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2782", "reference_id": "RHSA-2026:2782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2783", "reference_id": "RHSA-2026:2783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2783" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932840?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932843?format=api", "purl": "pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.0%252Bdfsg%252B~cs22.19.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-55132" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43sf-4r41-wugc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62482?format=api", "vulnerability_id": "VCID-4ak9-89fm-ybh2", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30582.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30582.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2715", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27003", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27052", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26994", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27187", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26978", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27047", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27092", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27095", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30582" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219832", "reference_id": "2219832", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219832" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "reference_id": "june-2023-security-releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:09:51Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30582" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ak9-89fm-ybh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84875?format=api", "vulnerability_id": "VCID-4cbr-u3tr-pfdr", "summary": "nodejs: wildcard certificates not properly validated", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7099.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7099.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.72385", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.7239", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.72408", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.72424", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.72436", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.72459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.72442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.72432", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00718", "scoring_system": "epss", "scoring_elements": "0.72473", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7099" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7099" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379921", "reference_id": "1379921", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379921" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714", "reference_id": "839714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932808?format=api", "purl": "pkg:deb/debian/nodejs@4.6.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.6.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-7099" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cbr-u3tr-pfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57389?format=api", "vulnerability_id": "VCID-4dhf-bpv6-a3e1", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87611", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87636", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87656", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87669", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87666", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03533", "scoring_system": "epss", "scoring_elements": "0.87681", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367", "reference_id": "1800367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932814?format=api", "purl": "pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.19.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15604" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4dhf-bpv6-a3e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57387?format=api", "vulnerability_id": "VCID-4khc-2nz3-ckhr", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77708", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77805", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77715", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77758", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77785", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/104463", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104463" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591023", "reference_id": "1591023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591023" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7164", "reference_id": "CVE-2018-7164", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7164" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4khc-2nz3-ckhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92334?format=api", "vulnerability_id": "VCID-5397-fjce-pbbg", "summary": "The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.6997", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69974", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70022", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70038", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70062", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70046", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70033", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70076", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2330" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932796?format=api", "purl": "pkg:deb/debian/nodejs@0.6.17~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0.6.17~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2330" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5397-fjce-pbbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34821?format=api", "vulnerability_id": "VCID-53xm-8w84-93cx", "summary": "Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22930.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22930.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55216", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55378", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55342", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55315", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55339", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55321", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55371", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55382", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988394", "reference_id": "1988394", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988394" }, { "reference_url": "https://security.archlinux.org/ASA-202108-1", "reference_id": "ASA-202108-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202108-1" }, { "reference_url": "https://security.archlinux.org/AVG-2239", "reference_id": "AVG-2239", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2239" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932821?format=api", "purl": "pkg:deb/debian/nodejs@12.22.4~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.4~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932822?format=api", "purl": "pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22930" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53xm-8w84-93cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37549?format=api", "vulnerability_id": "VCID-5afy-ud31-hbaw", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21890.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21890.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80748", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80683", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80679", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.8072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80662", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21890" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2257156", "reference_id": "2257156", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:50:11Z/" } ], "url": "https://hackerone.com/reports/2257156" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265722", "reference_id": "2265722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265722" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240315-0002/", "reference_id": "ntap-20240315-0002", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:50:11Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240315-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-21890" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5afy-ud31-hbaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13058?format=api", "vulnerability_id": "VCID-5cf7-va9h-h3gy", "summary": "Improper Certificate Validation\nAccepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22783", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22952", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22996", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22789", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22863", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22916", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22936", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22899", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22843", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22856", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1429694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1429694" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220325-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220325-0007/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2022/dsa-5170" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177", "reference_id": "1004177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839", "reference_id": "2040839", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "reference_id": "CVE-2021-44531", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932826?format=api", "purl": "pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.9~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932825?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-44531" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cf7-va9h-h3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37566?format=api", "vulnerability_id": "VCID-67xm-uc9p-y7f2", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32867", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32989", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32811", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32859", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32888", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32889", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32851", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32954", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22020" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2092749", "reference_id": "2092749", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T03:55:30Z/" } ], "url": "https://hackerone.com/reports/2092749" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296417", "reference_id": "2296417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296417" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/19/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T03:55:30Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/19/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/11/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T03:55:30Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/11/6" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5814", "reference_id": "RHSA-2024:5814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5815", "reference_id": "RHSA-2024:5815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6147", "reference_id": "RHSA-2024:6147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6148", "reference_id": "RHSA-2024:6148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932836?format=api", "purl": "pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.15.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-22020" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-67xm-uc9p-y7f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8479?format=api", "vulnerability_id": "VCID-6uyn-fy9v-c3gx", "summary": "Uncontrolled Resource Consumption\nNode.js allows remote attackers to cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7384.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7384.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.74915", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.74888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.74879", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.74836", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.74838", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.74867", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.7484", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.74873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.74886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0085", "scoring_system": "epss", "scoring_elements": "0.7491", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7384" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/node/issues/3138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/nodejs/node/issues/3138" }, { "reference_url": "http://www.securityfocus.com/bid/101260", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101260" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268791", "reference_id": "1268791", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268791" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800580", "reference_id": "800580", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800580" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7384", "reference_id": "CVE-2015-7384", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7384" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932805?format=api", "purl": "pkg:deb/debian/nodejs@4.1.1~dfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.1.1~dfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-7384" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6uyn-fy9v-c3gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34825?format=api", "vulnerability_id": "VCID-7cth-47w2-17hy", "summary": "Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22940.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59679", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59834", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59753", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59747", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59799", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59812", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59831", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22940" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993029", "reference_id": "1993029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993029" }, { "reference_url": "https://security.archlinux.org/AVG-2283", "reference_id": "AVG-2283", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2283" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932823?format=api", "purl": "pkg:deb/debian/nodejs@12.22.5~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.5~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22940" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7cth-47w2-17hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78659?format=api", "vulnerability_id": "VCID-7nnu-jtjx-u3ff", "summary": "Node.js: Permissions policies can be bypassed via process.mainModule", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05429", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05479", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05469", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05505", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05526", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05463", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23918" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834", "reference_id": "1031834", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935", "reference_id": "2171935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/", "reference_id": "february-2023-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0008/", "reference_id": "ntap-20230316-0008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1582", "reference_id": "RHSA-2023:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1583", "reference_id": "RHSA-2023:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1743", "reference_id": "RHSA-2023:1743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1744", "reference_id": "RHSA-2023:1744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2654", "reference_id": "RHSA-2023:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2655", "reference_id": "RHSA-2023:2655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2655" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932832?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-23918" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7nnu-jtjx-u3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62475?format=api", "vulnerability_id": "VCID-7tpb-9zrz-e7e1", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20041", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19768", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19848", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19901", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19911", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19867", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19782", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105422", "reference_id": "2105422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105422" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932828?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932827?format=api", "purl": "pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.6.0%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-32212" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-9zrz-e7e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62492?format=api", "vulnerability_id": "VCID-7z51-jgw6-v7hr", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.7835", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78381", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01324", "scoring_system": "epss", "scoring_elements": "0.79929", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01324", "scoring_system": "epss", "scoring_elements": "0.79896", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01324", "scoring_system": "epss", "scoring_elements": "0.79904", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01324", "scoring_system": "epss", "scoring_elements": "0.79924", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01324", "scoring_system": "epss", "scoring_elements": "0.79908", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01324", "scoring_system": "epss", "scoring_elements": "0.799", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01324", "scoring_system": "epss", "scoring_elements": "0.79867", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32005" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2051224", "reference_id": "2051224", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:42Z/" } ], "url": "https://hackerone.com/reports/2051224" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230958", "reference_id": "2230958", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230958" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231103-0004/", "reference_id": "ntap-20231103-0004", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:42Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231103-0004/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-32005" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7z51-jgw6-v7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53859?format=api", "vulnerability_id": "VCID-8c4g-fjsa-nkhw", "summary": "llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields\nThe llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. The LF character (without CR) is sufficient to delimit HTTP header fields in the lihttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This can lead to HTTP Request Smuggling (HRS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39294", "scoring_system": "epss", "scoring_elements": "0.97296", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97625", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97619", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.45841", "scoring_system": "epss", "scoring_elements": "0.97617", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://datatracker.ietf.org/doc/html/rfc7230#section-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://datatracker.ietf.org/doc/html/rfc7230#section-3" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb" }, { "reference_url": "https://hackerone.com/reports/1524692", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1524692" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220915-0001/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5326", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105428", "reference_id": "2105428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105428" }, { "reference_url": "https://github.com/advisories/GHSA-q5vx-44v4-gch4", "reference_id": "GHSA-q5vx-44v4-gch4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5vx-44v4-gch4" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932828?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932827?format=api", "purl": "pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.6.0%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-32214", "GHSA-q5vx-44v4-gch4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8c4g-fjsa-nkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34122?format=api", "vulnerability_id": "VCID-8m9d-ah96-d7cg", "summary": "Multiple vulnerabilities have been found in Node.js, the worst of\n which can allow remote attackers to cause Denial of Service conditions.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8027.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8027.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8027", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80381", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80351", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80299", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80307", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80327", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80315", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80343", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80372", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0139", "scoring_system": "epss", "scoring_elements": "0.80358", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8027" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8027" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972419", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972419" }, { "reference_url": "http://www.securityfocus.com/bid/78207", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/78207" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285771", "reference_id": "1285771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285771" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385", "reference_id": "806385", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8027", "reference_id": "CVE-2015-8027", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8027" }, { "reference_url": "https://security.gentoo.org/glsa/201612-43", "reference_id": "GLSA-201612-43", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932804?format=api", "purl": "pkg:deb/debian/nodejs@4.2.3~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.2.3~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8027" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8m9d-ah96-d7cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78660?format=api", "vulnerability_id": "VCID-8myg-sjwy-yqfp", "summary": "Node.js: OpenSSL error handling issues in nodejs crypto library", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00508", "scoring_system": "epss", "scoring_elements": "0.66318", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68588", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68618", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.6863", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68605", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71716", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71735", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23919" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834", "reference_id": "1031834", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834" }, { "reference_url": "https://hackerone.com/reports/1808596", "reference_id": "1808596", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/" } ], "url": "https://hackerone.com/reports/1808596" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172170", "reference_id": "2172170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172170" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/", "reference_id": "february-2023-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0008/", "reference_id": "ntap-20230316-0008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1582", "reference_id": "RHSA-2023:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1583", "reference_id": "RHSA-2023:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2654", "reference_id": "RHSA-2023:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2654" }, { "reference_url": "https://usn.ubuntu.com/6672-1/", "reference_id": "USN-6672-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6672-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-23919" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8myg-sjwy-yqfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83814?format=api", "vulnerability_id": "VCID-8qmf-bwmg-5bar", "summary": "nodejs: Unitialized buffer due to incorrect encoding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15897.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65552", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.656", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.6563", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.65648", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70643", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70659", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.7062", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70628", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00642", "scoring_system": "epss", "scoring_elements": "0.70614", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15897" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532534", "reference_id": "1532534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532534" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15897", "reference_id": "CVE-2017-15897", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15897" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-15897" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qmf-bwmg-5bar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63924?format=api", "vulnerability_id": "VCID-96yh-1wub-zucg", "summary": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21714.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21714.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02382", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02682", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03389", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03392", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03414", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03372", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03344", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21714" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161", "reference_id": "2453161", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases", "reference_id": "march-2026-security-releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T16:14:45Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932844?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21714" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96yh-1wub-zucg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64952?format=api", "vulnerability_id": "VCID-98fy-tedc-ube7", "summary": "nodejs: Nodejs uninitialized memory exposure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55131.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09833", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09742", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09913", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09876", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09861", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09884", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09783", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09855", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09908", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55131" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350", "reference_id": "2431350", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases", "reference_id": "december-2025-security-releases", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:31Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1842", "reference_id": "RHSA-2026:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1843", "reference_id": "RHSA-2026:1843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2420", "reference_id": "RHSA-2026:2420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2421", "reference_id": "RHSA-2026:2421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2422", "reference_id": "RHSA-2026:2422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2767", "reference_id": "RHSA-2026:2767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2768", "reference_id": "RHSA-2026:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2781", "reference_id": "RHSA-2026:2781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2782", "reference_id": "RHSA-2026:2782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2783", "reference_id": "RHSA-2026:2783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2864", "reference_id": "RHSA-2026:2864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2899", "reference_id": "RHSA-2026:2899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2899" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932840?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932843?format=api", "purl": "pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.0%252Bdfsg%252B~cs22.19.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-55131" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98fy-tedc-ube7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34824?format=api", "vulnerability_id": "VCID-9g7s-y7nq-xfbb", "summary": "Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22939.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22939.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31612", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3165", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31653", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31788", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31607", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31689", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31693", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22939" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993039", "reference_id": "1993039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993039" }, { "reference_url": "https://security.archlinux.org/AVG-2283", "reference_id": "AVG-2283", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2283" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932823?format=api", "purl": "pkg:deb/debian/nodejs@12.22.5~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.5~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932822?format=api", "purl": "pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.5~dfsg-2~11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22939" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9g7s-y7nq-xfbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45?format=api", "vulnerability_id": "VCID-9hzg-r1fj-pubf", "summary": "Excessive CPU usage in HTTP/2 with priority changes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91201", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91275", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91248", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.9125", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91221", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741", "reference_id": "1735741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513", "reference_id": "CVE-2019-9513", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932816?format=api", "purl": "pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.16.3~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9513" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57393?format=api", "vulnerability_id": "VCID-9tvd-qsp8-byfx", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54291", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54411", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54372", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54316", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54363", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190502-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190502-0008/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690798", "reference_id": "1690798", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690798" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5739", "reference_id": "CVE-2019-5739", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5739" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932811?format=api", "purl": "pkg:deb/debian/nodejs@8.9.3~dfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@8.9.3~dfsg-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5739" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tvd-qsp8-byfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83220?format=api", "vulnerability_id": "VCID-9uux-1n93-4kcs", "summary": "nodejs: Unintentional exposure of uninitialized memory", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74986", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74989", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75018", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.74995", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75029", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.7504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75062", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75041", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75031", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75068", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7166" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620215", "reference_id": "1620215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2553", "reference_id": "RHSA-2018:2553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2553" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7166" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uux-1n93-4kcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57384?format=api", "vulnerability_id": "VCID-9v22-ened-4bg2", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89192", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89202", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89198", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89195", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04555", "scoring_system": "epss", "scoring_elements": "0.89208", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661010", "reference_id": "1661010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661010" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12123" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9v22-ened-4bg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62495?format=api", "vulnerability_id": "VCID-9yq7-aba3-c7c3", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1888", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18885", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18963", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19017", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19024", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18977", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18926", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19169", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22427", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32559" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739", "reference_id": "1050739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739" }, { "reference_url": "https://hackerone.com/reports/1946470", "reference_id": "1946470", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/" } ], "url": "https://hackerone.com/reports/1946470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230956", "reference_id": "2230956", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230956" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231006-0006/", "reference_id": "ntap-20231006-0006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231006-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5360", "reference_id": "RHSA-2023:5360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5362", "reference_id": "RHSA-2023:5362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5363", "reference_id": "RHSA-2023:5363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5532", "reference_id": "RHSA-2023:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6822-1/", "reference_id": "USN-6822-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6822-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932834?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-32559" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9yq7-aba3-c7c3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37526?format=api", "vulnerability_id": "VCID-a7mj-p1d7-h3cv", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39331.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39331.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72413", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.7246", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72483", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72455", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72408", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39331" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2092852", "reference_id": "2092852", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-13T15:17:01Z/" } ], "url": "https://hackerone.com/reports/2092852" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244413", "reference_id": "2244413", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244413" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231116-0009/", "reference_id": "ntap-20231116-0009", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-13T15:17:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231116-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7205", "reference_id": "RHSA-2023:7205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7205" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-39331" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7mj-p1d7-h3cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34823?format=api", "vulnerability_id": "VCID-ap4u-dkwx-1kb3", "summary": "Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71095", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71189", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71122", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71151", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71175", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.7116", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71143", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22931" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1178337", "reference_id": "1178337", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/" } ], "url": "https://hackerone.com/reports/1178337" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993019", "reference_id": "1993019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993019" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/", "reference_id": "aug-2021-security-releases", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" }, { "reference_url": "https://security.archlinux.org/AVG-2286", "reference_id": "AVG-2286", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2286" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210923-0001/", "reference_id": "ntap-20210923-0001", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210923-0001/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211022-0003/", "reference_id": "ntap-20211022-0003", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211022-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22931" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ap4u-dkwx-1kb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37553?format=api", "vulnerability_id": "VCID-apbs-8ge7-dyg3", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21896.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81989", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81921", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81917", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81943", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81951", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81971", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81954", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81898", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21896" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2218653", "reference_id": "2218653", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/CR:M/IR:M/AR:M" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-12T04:00:41Z/" } ], "url": "https://hackerone.com/reports/2218653" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265717", "reference_id": "2265717", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265717" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240329-0002/", "reference_id": "ntap-20240329-0002", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/CR:M/IR:M/AR:M" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-12T04:00:41Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240329-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-21896" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apbs-8ge7-dyg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34126?format=api", "vulnerability_id": "VCID-atyy-fepb-6yge", "summary": "Multiple vulnerabilities have been found in Node.js, the worst of\n which can allow remote attackers to cause Denial of Service conditions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.76765", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.76769", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.76798", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.76779", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.7681", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.7682", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.76849", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.76829", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.76822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00985", "scoring_system": "epss", "scoring_elements": "0.76865", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5325" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346910", "reference_id": "1346910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346910" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714", "reference_id": "839714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839714" }, { "reference_url": "https://security.gentoo.org/glsa/201612-43", "reference_id": "GLSA-201612-43", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932808?format=api", "purl": "pkg:deb/debian/nodejs@4.6.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.6.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-5325" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atyy-fepb-6yge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207785?format=api", "vulnerability_id": "VCID-b1vd-c8xt-dqc6", "summary": "Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49428", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49436", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49389", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49444", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49439", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49457", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36138" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2024-security-releases", "reference_id": "july-2024-security-releases", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T17:53:28Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2024-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-36138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1vd-c8xt-dqc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53933?format=api", "vulnerability_id": "VCID-b54b-pd2b-bygm", "summary": "llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding\nThe llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).\n\nImpacts:\n\n- All versions of the nodejs 18.x, 16.x, and 14.x releases lines.\n- llhttp v6.0.7 and llhttp v2.1.5 contains the fixes that were updated inside Node.js", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88458", "scoring_system": "epss", "scoring_elements": "0.99504", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.9956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99558", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.89626", "scoring_system": "epss", "scoring_elements": "0.99557", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32213" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb" }, { "reference_url": "https://hackerone.com/reports/1524555", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1524555" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220915-0001/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5326", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105430", "reference_id": "2105430", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105430" }, { "reference_url": "https://github.com/advisories/GHSA-5689-v88g-g6rv", "reference_id": "GHSA-5689-v88g-g6rv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5689-v88g-g6rv" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932828?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932827?format=api", "purl": "pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.6.0%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-32213", "GHSA-5689-v88g-g6rv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b54b-pd2b-bygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/241500?format=api", "vulnerability_id": "VCID-b7hq-5yyx-tuhs", "summary": "Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67152", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67048", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67085", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67083", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67133", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.6715", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67119", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22921" }, { "reference_url": "https://security.archlinux.org/AVG-2130", "reference_id": "AVG-2130", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22921" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7hq-5yyx-tuhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64947?format=api", "vulnerability_id": "VCID-bjza-25hu-vkad", "summary": "nodejs: Nodejs denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21637.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21637.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13484", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13654", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13618", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1357", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13752", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13552", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13633", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13684", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21637" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "reference_id": "2431340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases", "reference_id": "december-2025-security-releases", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:22:28Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1842", "reference_id": "RHSA-2026:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1843", "reference_id": "RHSA-2026:1843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2420", "reference_id": "RHSA-2026:2420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2421", "reference_id": "RHSA-2026:2421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2422", "reference_id": "RHSA-2026:2422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2767", "reference_id": "RHSA-2026:2767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2768", "reference_id": "RHSA-2026:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2781", "reference_id": "RHSA-2026:2781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2782", "reference_id": "RHSA-2026:2782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2783", "reference_id": "RHSA-2026:2783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2864", "reference_id": "RHSA-2026:2864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2899", "reference_id": "RHSA-2026:2899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932844?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21637" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjza-25hu-vkad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37572?format=api", "vulnerability_id": "VCID-bx67-aud6-b3fa", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62515", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62483", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70444", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70457", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.7042", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70359", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559", "reference_id": "2270559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270559" }, { "reference_url": "https://hackerone.com/reports/2284065", "reference_id": "2284065", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/" } ], "url": "https://hackerone.com/reports/2284065" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240517-0008/", "reference_id": "ntap-20240517-0008", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240517-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2778", "reference_id": "RHSA-2024:2778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2779", "reference_id": "RHSA-2024:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2780", "reference_id": "RHSA-2024:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2853", "reference_id": "RHSA-2024:2853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2910", "reference_id": "RHSA-2024:2910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4559", "reference_id": "RHSA-2024:4559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4721", "reference_id": "RHSA-2024:4721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4721" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932834?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932835?format=api", "purl": "pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-22025" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bx67-aud6-b3fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69900?format=api", "vulnerability_id": "VCID-c8xz-v6h3-6ueb", "summary": "nodejs: libuv: Out-of-Bounds Access Due to Inconsistent off_t Size in libuv and Node.js Build on i386", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71787", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71861", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71779", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71829", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71854", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71837", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71819", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363236", "reference_id": "2363236", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363236" }, { "reference_url": "https://github.com/nodejs/node-v0.x-archive/issues/4549", "reference_id": "4549", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/" } ], "url": "https://github.com/nodejs/node-v0.x-archive/issues/4549" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350", "reference_id": "bugreport.cgi?bug=1076350", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075", "reference_id": "bugreport.cgi?bug=922075", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892601", "reference_id": "show_bug.cgi?id=892601", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892601" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932841?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932842?format=api", "purl": "pkg:deb/debian/nodejs@20.19.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-47153" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8xz-v6h3-6ueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267285?format=api", "vulnerability_id": "VCID-cjrh-xgy5-63ga", "summary": "An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. \r\n\r\nThis vulnerability affects Windows users of `path.join` API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03967", "scoring_system": "epss", "scoring_elements": "0.88393", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07107", "scoring_system": "epss", "scoring_elements": "0.91498", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09232", "scoring_system": "epss", "scoring_elements": "0.92698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09232", "scoring_system": "epss", "scoring_elements": "0.92712", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09232", "scoring_system": "epss", "scoring_elements": "0.92718", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09232", "scoring_system": "epss", "scoring_elements": "0.92717", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09232", "scoring_system": "epss", "scoring_elements": "0.92699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09232", "scoring_system": "epss", "scoring_elements": "0.92708", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27210" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/remote/52369.py", "reference_id": "CVE-2025-27210", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/remote/52369.py" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2025-security-releases", "reference_id": "july-2025-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-21T17:11:02Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2025-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-27210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjrh-xgy5-63ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34123?format=api", "vulnerability_id": "VCID-d8nf-t1fb-2uad", "summary": "Multiple vulnerabilities have been found in Node.js, the worst of\n which can allow remote attackers to cause Denial of Service conditions.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2086.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2086.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65188", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.6518", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.6507", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.6512", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65147", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65112", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65193", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2086" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/83282", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/83282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306200", "reference_id": "1306200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1306200" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2086", "reference_id": "CVE-2016-2086", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2086" }, { "reference_url": "https://security.gentoo.org/glsa/201612-43", "reference_id": "GLSA-201612-43", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932807?format=api", "purl": "pkg:deb/debian/nodejs@4.3.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.3.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2086" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8nf-t1fb-2uad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62479?format=api", "vulnerability_id": "VCID-dfdy-vhdd-5kh4", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88301", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88361", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.8832", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88339", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88356", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03945", "scoring_system": "epss", "scoring_elements": "0.88348", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1675191", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/" } ], "url": "https://hackerone.com/reports/1675191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518", "reference_id": "2130518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "reference_id": "CVE-2022-35256", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6963", "reference_id": "RHSA-2022:6963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6964", "reference_id": "RHSA-2022:6964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7821", "reference_id": "RHSA-2022:7821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0321", "reference_id": "RHSA-2023:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932828?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932829?format=api", "purl": "pkg:deb/debian/nodejs@18.10.0%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.10.0%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-35256" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdy-vhdd-5kh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63925?format=api", "vulnerability_id": "VCID-dgkh-jdah-wfh9", "summary": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21717.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21717.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04143", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07343", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07439", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07425", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07414", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07373", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07429", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07452", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21717" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21717" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162", "reference_id": "2453162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases", "reference_id": "march-2026-security-releases", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T19:46:02Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932844?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21717" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgkh-jdah-wfh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25?format=api", "vulnerability_id": "VCID-dmv4-ydq9-a7eq", "summary": "Excessive CPU usage in HTTP/2 with small window updates", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94283", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94339", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94313", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94302", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860", "reference_id": "1741860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "reference_id": "CVE-2019-9511", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932816?format=api", "purl": "pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.16.3~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9511" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63919?format=api", "vulnerability_id": "VCID-dt7u-3usg-9uet", "summary": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0252", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03788", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05755", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05805", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05797", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05762", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05801", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05826", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "reference_id": "2453151", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases", "reference_id": "march-2026-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:20Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7080", "reference_id": "RHSA-2026:7080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7123", "reference_id": "RHSA-2026:7123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7302", "reference_id": "RHSA-2026:7302", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7310", "reference_id": "RHSA-2026:7310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7896", "reference_id": "RHSA-2026:7896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7983", "reference_id": "RHSA-2026:7983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8339", "reference_id": "RHSA-2026:8339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8339" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932844?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21710" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dt7u-3usg-9uet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62473?format=api", "vulnerability_id": "VCID-e18p-c3m9-2qgy", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32731", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32862", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32897", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32718", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32765", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32792", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3273", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32771", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177", "reference_id": "1004177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846", "reference_id": "2040846", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932826?format=api", "purl": "pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.9~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932825?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-44532" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e18p-c3m9-2qgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37546?format=api", "vulnerability_id": "VCID-e6gj-fe31-kkh5", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79259", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.7926", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79232", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79236", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055", "reference_id": "1064055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569", "reference_id": "2264569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases", "reference_id": "february-2024-security-releases", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T17:40:41Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1503", "reference_id": "RHSA-2024:1503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1510", "reference_id": "RHSA-2024:1510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1880", "reference_id": "RHSA-2024:1880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1932", "reference_id": "RHSA-2024:1932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932834?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932835?format=api", "purl": "pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-46809" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6gj-fe31-kkh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62488?format=api", "vulnerability_id": "VCID-e7u5-356v-jbg7", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30590", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76361", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76373", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76405", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.7642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76445", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76418", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76459", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990", "reference_id": "1039990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219842", "reference_id": "2219842", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219842" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4330", "reference_id": "RHSA-2023:4330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4331", "reference_id": "RHSA-2023:4331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4536", "reference_id": "RHSA-2023:4536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4537", "reference_id": "RHSA-2023:4537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6735-1/", "reference_id": "USN-6735-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6735-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932834?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30590" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7u5-356v-jbg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62486?format=api", "vulnerability_id": "VCID-ec66-gwvw-kucs", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30587.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02564", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02562", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02579", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02577", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02578", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02582", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02587", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02608", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02591", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219831", "reference_id": "2219831", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219831" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "reference_id": "june-2023-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:23:12Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30587" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ec66-gwvw-kucs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37521?format=api", "vulnerability_id": "VCID-enz6-qdn6-dkgm", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38552.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38552.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38552", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.6041", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60499", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60437", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60405", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60454", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.6047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.6049", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60477", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60457", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38552" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892", "reference_id": "1054892", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892" }, { "reference_url": "https://hackerone.com/reports/2094235", "reference_id": "2094235", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/" } ], "url": "https://hackerone.com/reports/2094235" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415", "reference_id": "2244415", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244415" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "reference_id": "3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "reference_id": "E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "reference_id": "FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "reference_id": "HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "reference_id": "LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231116-0013/", "reference_id": "ntap-20231116-0013", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231116-0013/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5849", "reference_id": "RHSA-2023:5849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5869", "reference_id": "RHSA-2023:5869", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7205", "reference_id": "RHSA-2023:7205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7205" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "reference_id": "X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-20T15:14:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-38552" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-enz6-qdn6-dkgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57381?format=api", "vulnerability_id": "VCID-f7ch-ze7a-d7gr", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69917", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69929", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69944", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69922", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.6997", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69987", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.7001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.69981", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660998", "reference_id": "1660998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660998" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12116" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7ch-ze7a-d7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63932?format=api", "vulnerability_id": "VCID-fetp-hvhq-dube", "summary": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01719", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02676", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02769", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02817", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02838", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02784", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02814", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037", "reference_id": "2453037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037" }, { "reference_url": "https://hackerone.com/reports/3546390", "reference_id": "3546390", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:52:17Z/" } ], "url": "https://hackerone.com/reports/3546390" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases", "reference_id": "march-2026-security-releases", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:52:17Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21712" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fetp-hvhq-dube" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167678?format=api", "vulnerability_id": "VCID-g28p-7shw-n3bn", "summary": "Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to \"..\" handling was incompatible with the pathname validation used by unspecified community modules.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90232", "scoring_system": "epss", "scoring_elements": "0.99596", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.90232", "scoring_system": "epss", "scoring_elements": "0.99595", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.90232", "scoring_system": "epss", "scoring_elements": "0.99591", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90232", "scoring_system": "epss", "scoring_elements": "0.99592", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90232", "scoring_system": "epss", "scoring_elements": "0.99593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.90232", "scoring_system": "epss", "scoring_elements": "0.99594", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14849" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/" }, { "reference_url": "https://twitter.com/nodejs/status/913131152868876288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twitter.com/nodejs/status/913131152868876288" }, { "reference_url": "http://www.securityfocus.com/bid/101056", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101056" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14849", "reference_id": "CVE-2017-14849", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14849" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14849" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g28p-7shw-n3bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62485?format=api", "vulnerability_id": "VCID-g5wj-ffk1-7bg7", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30586.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30586.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13256", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13456", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1343", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13395", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13349", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13529", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13406", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30586" }, { "reference_url": "https://hackerone.com/reports/1954535", "reference_id": "1954535", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T18:27:16Z/" } ], "url": "https://hackerone.com/reports/1954535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219837", "reference_id": "2219837", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219837" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230803-0008/", "reference_id": "ntap-20230803-0008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T18:27:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230803-0008/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30586" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5wj-ffk1-7bg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11561?format=api", "vulnerability_id": "VCID-gwyr-ac4e-dqfa", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43692", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43746", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4373", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43747", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43756", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43779", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1238709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1238709" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057", "reference_id": "2014057", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057" }, { "reference_url": "https://security.archlinux.org/ASA-202110-4", "reference_id": "ASA-202110-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-4" }, { "reference_url": "https://security.archlinux.org/AVG-2460", "reference_id": "AVG-2460", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2460" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959", "reference_id": "CVE-2021-22959", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5171", "reference_id": "RHSA-2021:5171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0041", "reference_id": "RHSA-2022:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0246", "reference_id": "RHSA-2022:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0350", "reference_id": "RHSA-2022:0350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932824?format=api", "purl": "pkg:deb/debian/nodejs@12.22.7~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.7~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932825?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22959" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwyr-ac4e-dqfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82978?format=api", "vulnerability_id": "VCID-h8gu-1htb-u3fg", "summary": "nodejs: Debugger port 5858 listens on any interface by default", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.61938", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.6201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62041", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62009", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62077", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62098", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62087", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62109", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661016", "reference_id": "1661016", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661016" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932811?format=api", "purl": "pkg:deb/debian/nodejs@8.9.3~dfsg-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@8.9.3~dfsg-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12120" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8gu-1htb-u3fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78661?format=api", "vulnerability_id": "VCID-hnjv-fp2r-vqfq", "summary": "Node.js: insecure loading of ICU data through ICU_DATA environment variable", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23920", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26656", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26511", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26485", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26553", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26602", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26562", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26505", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834", "reference_id": "1031834", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217", "reference_id": "2172217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5395", "reference_id": "dsa-5395", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5395" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/", "reference_id": "february-2023-security-releases", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230316-0008/", "reference_id": "ntap-20230316-0008", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1582", "reference_id": "RHSA-2023:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1583", "reference_id": "RHSA-2023:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1743", "reference_id": "RHSA-2023:1743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1744", "reference_id": "RHSA-2023:1744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2654", "reference_id": "RHSA-2023:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2655", "reference_id": "RHSA-2023:2655", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6672-1/", "reference_id": "USN-6672-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6672-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-23920" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnjv-fp2r-vqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84192?format=api", "vulnerability_id": "VCID-hu7c-gc8f-q3cm", "summary": "nodejs: Constant Hashtable Seeds vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11499.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11499.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59252", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59395", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5938", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59362", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59326", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59349", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59364", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59377", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59396", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11499" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475327", "reference_id": "1475327", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475327" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162", "reference_id": "868162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2908", "reference_id": "RHSA-2017:2908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2908" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3002", "reference_id": "RHSA-2017:3002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932809?format=api", "purl": "pkg:deb/debian/nodejs@4.8.4~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.8.4~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11499" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hu7c-gc8f-q3cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78333?format=api", "vulnerability_id": "VCID-jbph-d393-byd4", "summary": "nodejs: privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30585.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30585.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.8411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84133", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84139", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84156", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84151", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84147", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84169", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30585" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219835", "reference_id": "2219835", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219835" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbph-d393-byd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64948?format=api", "vulnerability_id": "VCID-jbws-qjq3-qbhq", "summary": "nodejs: Nodejs network segmentation bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06241", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06264", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0633", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06324", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06251", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06297", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06338", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21636" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431342", "reference_id": "2431342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431342" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases", "reference_id": "december-2025-security-releases", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T18:38:13Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21636" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbws-qjq3-qbhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64950?format=api", "vulnerability_id": "VCID-k4cj-47gd-s7ck", "summary": "nodejs: Nodejs memory leak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59464.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16583", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16409", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16566", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16645", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16445", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16531", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16585", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59464" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431344", "reference_id": "2431344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431344" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases", "reference_id": "december-2025-security-releases", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:40:07Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59464" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4cj-47gd-s7ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57390?format=api", "vulnerability_id": "VCID-ke6j-fgys-gyga", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96807", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96815", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96828", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96832", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.96834", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.32252", "scoring_system": "epss", "scoring_elements": "0.9684", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364", "reference_id": "1800364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800364" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467", "reference_id": "977467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0703", "reference_id": "RHSA-2020:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0707", "reference_id": "RHSA-2020:0707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0708", "reference_id": "RHSA-2020:0708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1510", "reference_id": "RHSA-2020:1510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1510" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932814?format=api", "purl": "pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.19.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15605" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ke6j-fgys-gyga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62493?format=api", "vulnerability_id": "VCID-kj75-vmwa-gqgq", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32006.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32006.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22435", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22343", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22479", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22267", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22405", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22426", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22385", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22328", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739", "reference_id": "1050739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739" }, { "reference_url": "https://hackerone.com/reports/2043807", "reference_id": "2043807", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:20:48Z/" } ], "url": "https://hackerone.com/reports/2043807" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230955", "reference_id": "2230955", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230955" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/", "reference_id": "JQPELKG2LVTADSB7ME73AV4DXQK47PWK", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:20:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230915-0009/", "reference_id": "ntap-20230915-0009", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:20:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230915-0009/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/", "reference_id": "PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:20:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5360", "reference_id": "RHSA-2023:5360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5362", "reference_id": "RHSA-2023:5362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5363", "reference_id": "RHSA-2023:5363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5532", "reference_id": "RHSA-2023:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6822-1/", "reference_id": "USN-6822-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6822-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-32006" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kj75-vmwa-gqgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37583?format=api", "vulnerability_id": "VCID-krft-297e-qfdw", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36137.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23557", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24092", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.2418", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24004", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24071", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24117", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24133", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36137" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299281", "reference_id": "2299281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299281" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2024-security-releases", "reference_id": "july-2024-security-releases", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:06:27Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2024-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5814", "reference_id": "RHSA-2024:5814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5815", "reference_id": "RHSA-2024:5815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5815" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932836?format=api", "purl": "pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.15.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-36137" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krft-297e-qfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68614?format=api", "vulnerability_id": "VCID-kvmm-gh2f-zqau", "summary": "nodejs: Node.js Rapidhash HashDoS Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27209.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05749", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10234", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10335", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10307", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10369", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10358", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14078", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14188", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27209" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382040", "reference_id": "2382040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382040" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2025-security-releases", "reference_id": "july-2025-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-21T17:14:28Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/july-2025-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-27209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvmm-gh2f-zqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13041?format=api", "vulnerability_id": "VCID-m5ae-uc68-d3g2", "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nThis advisory has been marked as a false positive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00505", "scoring_system": "epss", "scoring_elements": "0.66171", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71033", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71076", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71088", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71111", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71096", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.7108", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71126", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0066", "scoring_system": "epss", "scoring_elements": "0.71058", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1431042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1431042" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220325-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220325-0007/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220729-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2022/dsa-5170" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177", "reference_id": "1004177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862", "reference_id": "2040862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "reference_id": "CVE-2022-21824", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932826?format=api", "purl": "pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.9~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932825?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-21824" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ae-uc68-d3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62480?format=api", "vulnerability_id": "VCID-m7rw-arzq-jba1", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68402", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68484", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68422", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68449", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68466", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68492", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.6848", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68447", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518", "reference_id": "1023518", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911", "reference_id": "2140911", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/", "reference_id": "november-2022-security-releases", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230120-0004/", "reference_id": "ntap-20230120-0004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230120-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0007/", "reference_id": "ntap-20230427-0007", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8832", "reference_id": "RHSA-2022:8832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8833", "reference_id": "RHSA-2022:8833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0050", "reference_id": "RHSA-2023:0050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0321", "reference_id": "RHSA-2023:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0612", "reference_id": "RHSA-2023:0612", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0612" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1533", "reference_id": "RHSA-2023:1533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932828?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932830?format=api", "purl": "pkg:deb/debian/nodejs@18.12.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.12.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-43548" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7rw-arzq-jba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37551?format=api", "vulnerability_id": "VCID-mqcy-2run-93d6", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21892.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21892.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21892", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.636", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63536", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63564", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63529", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63598", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63613", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21892" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055", "reference_id": "1064055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055" }, { "reference_url": "https://hackerone.com/reports/2237545", "reference_id": "2237545", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-12T04:00:40Z/" } ], "url": "https://hackerone.com/reports/2237545" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582", "reference_id": "2264582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240322-0003/", "reference_id": "ntap-20240322-0003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-12T04:00:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240322-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1503", "reference_id": "RHSA-2024:1503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1510", "reference_id": "RHSA-2024:1510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1880", "reference_id": "RHSA-2024:1880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1932", "reference_id": "RHSA-2024:1932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932835?format=api", "purl": "pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-21892" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqcy-2run-93d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62474?format=api", "vulnerability_id": "VCID-ms5y-gp7v-2qay", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61846", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.6192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.6195", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61969", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61987", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62008", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61997", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62019", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177", "reference_id": "1004177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856", "reference_id": "2040856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7044", "reference_id": "RHSA-2022:7044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7830", "reference_id": "RHSA-2022:7830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9073", "reference_id": "RHSA-2022:9073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1742", "reference_id": "RHSA-2023:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932826?format=api", "purl": "pkg:deb/debian/nodejs@12.22.9~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.9~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932825?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-44533" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5y-gp7v-2qay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55688?format=api", "vulnerability_id": "VCID-n66u-b73u-zucb", "summary": "golang.org/x/net/http vulnerable to a reset flood\nSome HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.\n\n### Specific Go Packages Affected\ngolang.org/x/net/http2", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2594", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2682", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2726", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2769" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2861", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2925", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2939", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2955", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2966", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3131", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3245", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3265", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4018", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4019", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4021", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4040", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4041", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4042", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4045", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4269", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4273", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4352", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0406", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0727" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92836", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92799", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92806", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.9281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92822", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92826", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92825", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "reference_url": "https://go.dev/cl/190137", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/cl/190137" }, { "reference_url": "https://go.dev/issue/33606", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/issue/33606" }, { "reference_url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ" }, { "reference_url": "https://kb.cert.org/vuls/id/605641", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kb.cert.org/vuls/id/605641" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296" }, { "reference_url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0536", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0536" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/24" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/31" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/43" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Sep/18" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005" }, { "reference_url": "https://support.f5.com/csp/article/K01988340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K01988340" }, { "reference_url": "https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://usn.ubuntu.com/4308-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-1" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4503", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4503" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4508", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4508" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4520" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4669", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667", "reference_id": "1062667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", "reference_id": "1735744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886", "reference_id": "934886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887", "reference_id": "934887", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887" }, { "reference_url": "https://security.archlinux.org/ASA-201908-15", "reference_id": "ASA-201908-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-15" }, { "reference_url": "https://security.archlinux.org/AVG-1021", "reference_id": "AVG-1021", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2817", "reference_id": "RHSA-2019:2817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/USN-4866-1/", "reference_id": "USN-USN-4866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932816?format=api", "purl": "pkg:deb/debian/nodejs@10.16.3~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.16.3~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9514", "GHSA-39qc-96h7-956f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n66u-b73u-zucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48670?format=api", "vulnerability_id": "VCID-n91z-kugd-ebb5", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70267", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70297", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70273", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70319", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70328", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70372", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879311", "reference_id": "1879311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4272", "reference_id": "RHSA-2020:4272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4903", "reference_id": "RHSA-2020:4903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5086", "reference_id": "RHSA-2020:5086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5086" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932818?format=api", "purl": "pkg:deb/debian/nodejs@12.18.4~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.18.4~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8201" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n91z-kugd-ebb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37580?format=api", "vulnerability_id": "VCID-nenk-4cgd-fugv", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98917", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98909", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98911", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98912", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98914", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.75933", "scoring_system": "epss", "scoring_elements": "0.98915", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27983" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347", "reference_id": "1068347", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764", "reference_id": "2272764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272764" }, { "reference_url": "https://hackerone.com/reports/2319584", "reference_id": "2319584", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/" } ], "url": "https://hackerone.com/reports/2319584" }, { "reference_url": "https://security.archlinux.org/AVG-2852", "reference_id": "AVG-2852", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2852" }, { "reference_url": "https://security.archlinux.org/AVG-2853", "reference_id": "AVG-2853", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2853" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/", "reference_id": "JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0002/", "reference_id": "ntap-20240510-0002", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2778", "reference_id": "RHSA-2024:2778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2779", "reference_id": "RHSA-2024:2779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2780", "reference_id": "RHSA-2024:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2853", "reference_id": "RHSA-2024:2853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2910", "reference_id": "RHSA-2024:2910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2937", "reference_id": "RHSA-2024:2937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3472", "reference_id": "RHSA-2024:3472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3544", "reference_id": "RHSA-2024:3544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3545", "reference_id": "RHSA-2024:3545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3553", "reference_id": "RHSA-2024:3553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4353", "reference_id": "RHSA-2024:4353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4824", "reference_id": "RHSA-2024:4824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4824" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/", "reference_id": "YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932834?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932837?format=api", "purl": "pkg:deb/debian/nodejs@18.20.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-27983" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nenk-4cgd-fugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83609?format=api", "vulnerability_id": "VCID-nkas-113k-wkbu", "summary": "nodejs: HTTP parser allowed for spaces inside Content-Length header values", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69108", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69213", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69217", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69202", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69195", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "reference_url": "https://support.f5.com/csp/article/K27228191?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K27228191?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561981", "reference_id": "1561981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561981" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159", "reference_id": "CVE-2018-7159", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2258", "reference_id": "RHSA-2019:2258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932813?format=api", "purl": "pkg:deb/debian/nodejs@8.11.1~dfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@8.11.1~dfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7159" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkas-113k-wkbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62494?format=api", "vulnerability_id": "VCID-p31t-nxwe-yyf2", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32558.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41223", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41253", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41179", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41236", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41258", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41226", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41212", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41255", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32558" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230952", "reference_id": "2230952", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230952" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-32558" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p31t-nxwe-yyf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48265?format=api", "vulnerability_id": "VCID-p8ab-a4gk-eyd2", "summary": "Multiple vulnerabilities have been found in the Chromium web\n browser, the worst of which allows remote attackers to execute arbitrary\n code.", "references": [ { "reference_url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1080.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1080.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2017-0002.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0336", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81796", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81867", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81861", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81853", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.8186", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1669" }, { "reference_url": "https://codereview.chromium.org/1945313002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://codereview.chromium.org/1945313002" }, { "reference_url": "https://crbug.com/606115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://crbug.com/606115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3590", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3590" }, { "reference_url": "http://www.securityfocus.com/bid/90584", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90584" }, { "reference_url": "http://www.securitytracker.com/id/1035872", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035872" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2960-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2960-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335449", "reference_id": "1335449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335449" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1669", "reference_id": "CVE-2016-1669", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1669" }, { "reference_url": "https://security.gentoo.org/glsa/201605-02", "reference_id": "GLSA-201605-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1080", "reference_id": "RHSA-2016:1080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0879", "reference_id": "RHSA-2017:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0880", "reference_id": "RHSA-2017:0880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0881", "reference_id": "RHSA-2017:0881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0882", "reference_id": "RHSA-2017:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0882" }, { "reference_url": "https://usn.ubuntu.com/2960-1/", "reference_id": "USN-2960-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932806?format=api", "purl": "pkg:deb/debian/nodejs@4.4.6~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.4.6~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1669" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8ab-a4gk-eyd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37589?format=api", "vulnerability_id": "VCID-p9sg-8byk-eydy", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37372.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14969", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15203", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15134", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1507", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15193", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15261", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15064", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15152", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336663", "reference_id": "2336663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336663" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/19/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:37:14Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/19/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/11/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:37:14Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/11/6" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-37372" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9sg-8byk-eydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266492?format=api", "vulnerability_id": "VCID-pd4q-4b15-gqey", "summary": "A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.\r\n\r\nOn Windows, a path that does not start with the file separator is treated as relative to the current directory. \r\n\r\nThis vulnerability affects Windows users of `path.join` API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79677", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79605", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79671", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79655", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79627", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79614", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.79642", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01289", "scoring_system": "epss", "scoring_elements": "0.7965", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23084" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "reference_id": "january-2025-security-releases", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:07:59Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-23084" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pd4q-4b15-gqey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62472?format=api", "vulnerability_id": "VCID-pqnn-ers1-3fec", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.5038", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50512", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50484", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50465", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50419", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50472", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50507", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932024", "reference_id": "1932024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932024" }, { "reference_url": "https://security.archlinux.org/AVG-1604", "reference_id": "AVG-1604", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1604" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0734", "reference_id": "RHSA-2021:0734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0735", "reference_id": "RHSA-2021:0735", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0738", "reference_id": "RHSA-2021:0738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0739", "reference_id": "RHSA-2021:0739", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0740", "reference_id": "RHSA-2021:0740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0741", "reference_id": "RHSA-2021:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0744", "reference_id": "RHSA-2021:0744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0827", "reference_id": "RHSA-2021:0827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0830", "reference_id": "RHSA-2021:0830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0831", "reference_id": "RHSA-2021:0831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0831" }, { "reference_url": "https://usn.ubuntu.com/6418-1/", "reference_id": "USN-6418-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6418-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932820?format=api", "purl": "pkg:deb/debian/nodejs@12.21.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.21.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22884" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqnn-ers1-3fec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83865?format=api", "vulnerability_id": "VCID-pwe6-zwyr-nqhy", "summary": "nodejs: DoS via specific windowBits value", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.738", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73751", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73763", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73767", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73759", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01045", "scoring_system": "epss", "scoring_elements": "0.7743", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01045", "scoring_system": "epss", "scoring_elements": "0.77436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01045", "scoring_system": "epss", "scoring_elements": "0.77462", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01045", "scoring_system": "epss", "scoring_elements": "0.77441", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14919" }, { "reference_url": "https://nodejs.org/en/blog/release/v4.8.5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/release/v4.8.5/" }, { "reference_url": "https://nodejs.org/en/blog/release/v6.11.5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/release/v6.11.5/" }, { "reference_url": "https://nodejs.org/en/blog/release/v8.8.0/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/release/v8.8.0/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/oct-2017-dos/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/oct-2017-dos/" }, { "reference_url": "http://www.securityfocus.com/bid/101881", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101881" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516175", "reference_id": "1516175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516175" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.8.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:4.8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:4.8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.10.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:6.10.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.10.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.10.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:6.10.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.10.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:6.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:6.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:6.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:6.11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:6.11.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:6.11.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:8.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:8.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919", "reference_id": "CVE-2017-14919", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14919" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwe6-zwyr-nqhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62487?format=api", "vulnerability_id": "VCID-q75s-43sx-4kbg", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30588.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30588.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0854", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08585", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08605", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08602", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08566", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08458", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30588" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990", "reference_id": "1039990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219838", "reference_id": "2219838", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219838" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4330", "reference_id": "RHSA-2023:4330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4331", "reference_id": "RHSA-2023:4331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4536", "reference_id": "RHSA-2023:4536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4537", "reference_id": "RHSA-2023:4537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6735-1/", "reference_id": "USN-6735-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6735-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30588" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q75s-43sx-4kbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62471?format=api", "vulnerability_id": "VCID-q8th-849w-bfhp", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99544", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.9955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99547", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99548", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99545", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.89427", "scoring_system": "epss", "scoring_elements": "0.99546", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932014", "reference_id": "1932014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932014" }, { "reference_url": "https://security.archlinux.org/AVG-1604", "reference_id": "AVG-1604", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1604" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0734", "reference_id": "RHSA-2021:0734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0735", "reference_id": "RHSA-2021:0735", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0738", "reference_id": "RHSA-2021:0738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0739", "reference_id": "RHSA-2021:0739", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0740", "reference_id": "RHSA-2021:0740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0741", "reference_id": "RHSA-2021:0741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0744", "reference_id": "RHSA-2021:0744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0827", "reference_id": "RHSA-2021:0827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0830", "reference_id": "RHSA-2021:0830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0831", "reference_id": "RHSA-2021:0831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0831" }, { "reference_url": "https://usn.ubuntu.com/6418-1/", "reference_id": "USN-6418-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6418-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932820?format=api", "purl": "pkg:deb/debian/nodejs@12.21.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.21.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22883" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8th-849w-bfhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57386?format=api", "vulnerability_id": "VCID-r8jj-tkxd-5qg8", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77114", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77215", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77175", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.7712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77149", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77164", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.772", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/104468", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104468" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591018", "reference_id": "1591018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591018" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7162", "reference_id": "CVE-2018-7162", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7162" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8jj-tkxd-5qg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62491?format=api", "vulnerability_id": "VCID-rg1f-5nhq-m7ea", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32004.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30769", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30818", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30693", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30725", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30729", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30683", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30639", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32004" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2038134", "reference_id": "2038134", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:19:44Z/" } ], "url": "https://hackerone.com/reports/2038134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230951", "reference_id": "2230951", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230951" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/", "reference_id": "JQPELKG2LVTADSB7ME73AV4DXQK47PWK", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:19:44Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230915-0009/", "reference_id": "ntap-20230915-0009", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:19:44Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230915-0009/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/", "reference_id": "PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:19:44Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-32004" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rg1f-5nhq-m7ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57388?format=api", "vulnerability_id": "VCID-rhxy-h93e-y3d4", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73298", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74244", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74277", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74292", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74239", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "http://www.securityfocus.com/bid/106363", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006", "reference_id": "1591006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167", "reference_id": "CVE-2018-7167", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7167" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhxy-h93e-y3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37532?format=api", "vulnerability_id": "VCID-s1a4-9r1m-8uaw", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39332.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39332.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68556", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68643", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68604", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68621", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68575", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68553", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39332" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2199818", "reference_id": "2199818", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-13T14:54:41Z/" } ], "url": "https://hackerone.com/reports/2199818" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244414", "reference_id": "2244414", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244414" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "reference_id": "3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-13T14:54:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231116-0009/", "reference_id": "ntap-20231116-0009", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-13T14:54:41Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231116-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7205", "reference_id": "RHSA-2023:7205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7205" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-39332" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1a4-9r1m-8uaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62489?format=api", "vulnerability_id": "VCID-sag8-repb-g3f4", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32002.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32002.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12197", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11987", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12126", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12177", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12148", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12116", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12243", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12044", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739", "reference_id": "1050739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739" }, { "reference_url": "https://hackerone.com/reports/1960870", "reference_id": "1960870", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-02T14:47:51Z/" } ], "url": "https://hackerone.com/reports/1960870" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230948", "reference_id": "2230948", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230948" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230915-0009/", "reference_id": "ntap-20230915-0009", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-02T14:47:51Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230915-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5360", "reference_id": "RHSA-2023:5360", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5360" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5362", "reference_id": "RHSA-2023:5362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5363", "reference_id": "RHSA-2023:5363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5532", "reference_id": "RHSA-2023:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6822-1/", "reference_id": "USN-6822-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6822-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-32002" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sag8-repb-g3f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62102?format=api", "vulnerability_id": "VCID-srpj-seee-xyhm", "summary": "Multiple vulnerabilities have been found in the Chromium web\n browser, the worst of which allows remote attackers to execute arbitrary\n code.", "references": [ { "reference_url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6764.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94319", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94304", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94263", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94284", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94298", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13882", "scoring_system": "epss", "scoring_elements": "0.94302", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6764" }, { "reference_url": "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc" }, { "reference_url": "https://code.google.com/p/chromium/issues/detail?id=554946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://code.google.com/p/chromium/issues/detail?id=554946" }, { "reference_url": "https://codereview.chromium.org/1440223002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://codereview.chromium.org/1440223002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6766" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6768" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6786" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3415", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2015/dsa-3415" }, { "reference_url": "http://www.securityfocus.com/bid/78209", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/78209" }, { "reference_url": "http://www.securitytracker.com/id/1034298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285774", "reference_id": "1285774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285774" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385", "reference_id": "806385", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6764", "reference_id": "CVE-2015-6764", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6764" }, { "reference_url": "https://security.gentoo.org/glsa/201603-09", "reference_id": "GLSA-201603-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201603-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2545", "reference_id": "RHSA-2015:2545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2545" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932804?format=api", "purl": "pkg:deb/debian/nodejs@4.2.3~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.2.3~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-6764" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-srpj-seee-xyhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62484?format=api", "vulnerability_id": "VCID-sthj-jvke-tyg7", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30584.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30584.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01882", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01855", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01879", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01874", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01894", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0191", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30584" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219829", "reference_id": "2219829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219829" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "reference_id": "june-2023-security-releases", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T18:33:59Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30584" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sthj-jvke-tyg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11473?format=api", "vulnerability_id": "VCID-tnhd-rr89-9udh", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45642", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45779", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45751", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45721", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45733", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1238099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1238099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059", "reference_id": "2014059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059" }, { "reference_url": "https://security.archlinux.org/ASA-202110-4", "reference_id": "ASA-202110-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-4" }, { "reference_url": "https://security.archlinux.org/AVG-2460", "reference_id": "AVG-2460", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2460" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960", "reference_id": "CVE-2021-22960", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5171", "reference_id": "RHSA-2021:5171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0041", "reference_id": "RHSA-2022:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0246", "reference_id": "RHSA-2022:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0350", "reference_id": "RHSA-2022:0350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932824?format=api", "purl": "pkg:deb/debian/nodejs@12.22.7~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.7~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932825?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22960" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnhd-rr89-9udh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266476?format=api", "vulnerability_id": "VCID-tpck-fwrj-ruaq", "summary": "Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\\Program Files\\Common Files\\SSL\\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.90837", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.90772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.90783", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.90793", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.90804", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.90811", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.90819", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.9082", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06141", "scoring_system": "epss", "scoring_elements": "0.90818", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32223" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-32223" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpck-fwrj-ruaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57380?format=api", "vulnerability_id": "VCID-tqg7-dw5d-z3et", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73956", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73963", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73959", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.73993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74007", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74029", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74004", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74043", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219", "reference_id": "1620219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2552", "reference_id": "RHSA-2018:2552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2553", "reference_id": "RHSA-2018:2553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2944", "reference_id": "RHSA-2018:2944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12115" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqg7-dw5d-z3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63921?format=api", "vulnerability_id": "VCID-twc8-ewm7-wkb1", "summary": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21716.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21716.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21716", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00199", "published_at": "2026-04-16T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00169", "published_at": "2026-04-04T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00196", "published_at": "2026-04-09T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00198", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21716" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21716", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21716" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157", "reference_id": "2453157", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases", "reference_id": "march-2026-security-releases", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:27:06Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932844?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21716" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twc8-ewm7-wkb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64949?format=api", "vulnerability_id": "VCID-u8bq-8jp4-jkem", "summary": "nodejs: Nodejs denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59466.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0809", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0803", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0816", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08133", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08146", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08168", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59466" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343", "reference_id": "2431343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases", "reference_id": "december-2025-security-releases", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T18:38:35Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1842", "reference_id": "RHSA-2026:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1843", "reference_id": "RHSA-2026:1843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2420", "reference_id": "RHSA-2026:2420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2421", "reference_id": "RHSA-2026:2421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2422", "reference_id": "RHSA-2026:2422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2767", "reference_id": "RHSA-2026:2767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2768", "reference_id": "RHSA-2026:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2781", "reference_id": "RHSA-2026:2781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2782", "reference_id": "RHSA-2026:2782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2783", "reference_id": "RHSA-2026:2783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2864", "reference_id": "RHSA-2026:2864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2899", "reference_id": "RHSA-2026:2899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2899" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932840?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932843?format=api", "purl": "pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.0%252Bdfsg%252B~cs22.19.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59466" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8bq-8jp4-jkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14481?format=api", "vulnerability_id": "VCID-u8pe-48f4-abc9", "summary": "Authentication Bypass by Spoofing\nThe Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81177", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81075", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81084", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81136", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81142", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.8116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81147", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.8114", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "reference_url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561979", "reference_id": "1561979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561979" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160", "reference_id": "CVE-2018-7160", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160" }, { "reference_url": "https://github.com/advisories/GHSA-wq4c-wm6x-jw44", "reference_id": "GHSA-wq4c-wm6x-jw44", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq4c-wm6x-jw44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2949", "reference_id": "RHSA-2018:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932813?format=api", "purl": "pkg:deb/debian/nodejs@8.11.1~dfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@8.11.1~dfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7160", "GHSA-wq4c-wm6x-jw44" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8pe-48f4-abc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62483?format=api", "vulnerability_id": "VCID-ueyx-hwjr-fuhq", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30583.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30583.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05769", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05812", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05805", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05784", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05843", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05821", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219833", "reference_id": "2219833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219833" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "reference_id": "june-2023-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:28:41Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30583" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ueyx-hwjr-fuhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62490?format=api", "vulnerability_id": "VCID-uftn-4gjb-dqe6", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32003.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32003.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19891", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19683", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19947", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19754", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19805", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1981", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19765", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19708", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32003" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2037887", "reference_id": "2037887", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:15:53Z/" } ], "url": "https://hackerone.com/reports/2037887" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230959", "reference_id": "2230959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230959" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/", "reference_id": "JQPELKG2LVTADSB7ME73AV4DXQK47PWK", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:15:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230915-0009/", "reference_id": "ntap-20230915-0009", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:15:53Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230915-0009/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/", "reference_id": "PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:15:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-32003" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uftn-4gjb-dqe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57392?format=api", "vulnerability_id": "VCID-us11-vy4j-pfd2", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1821" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96272", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96319", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96303", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96307", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.9631", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96287", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.96291", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.26351", "scoring_system": "epss", "scoring_elements": "0.963", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "reference_url": "https://security.gentoo.org/glsa/202003-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-48" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190502-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190502-0008/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690808", "reference_id": "1690808", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690808" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737", "reference_id": "CVE-2019-5737", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932815?format=api", "purl": "pkg:deb/debian/nodejs@10.15.2~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.2~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5737" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-us11-vy4j-pfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83608?format=api", "vulnerability_id": "VCID-usab-z8q8-7qd8", "summary": "nodejs: path module regular expression denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79394", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79474", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.7947", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79454", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79443", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79401", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79424", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01264", "scoring_system": "epss", "scoring_elements": "0.79447", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561980", "reference_id": "1561980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561980" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7158", "reference_id": "CVE-2018-7158", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7158" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932812?format=api", "purl": "pkg:deb/debian/nodejs@6.0.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@6.0.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-7158" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usab-z8q8-7qd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62477?format=api", "vulnerability_id": "VCID-v3uy-dqn9-qye5", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32222.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32222.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69973", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69964", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70012", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70028", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70051", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70036", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70023", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70066", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32222" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105424", "reference_id": "2105424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105424" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-32222" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3uy-dqn9-qye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64951?format=api", "vulnerability_id": "VCID-v7uy-445x-tuan", "summary": "nodejs: Nodejs denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59465.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22871", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2295", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22856", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22805", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22879", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22931", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349", "reference_id": "2431349", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases", "reference_id": "december-2025-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:10:32Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1842", "reference_id": "RHSA-2026:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1843", "reference_id": "RHSA-2026:1843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2420", "reference_id": "RHSA-2026:2420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2421", "reference_id": "RHSA-2026:2421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2422", "reference_id": "RHSA-2026:2422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2767", "reference_id": "RHSA-2026:2767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2768", "reference_id": "RHSA-2026:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2781", "reference_id": "RHSA-2026:2781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2782", "reference_id": "RHSA-2026:2782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2783", "reference_id": "RHSA-2026:2783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2864", "reference_id": "RHSA-2026:2864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2899", "reference_id": "RHSA-2026:2899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2899" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932840?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932843?format=api", "purl": "pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.0%252Bdfsg%252B~cs22.19.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59465" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7uy-445x-tuan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37550?format=api", "vulnerability_id": "VCID-vhg4-51cg-ebaa", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21891.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.4653", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46463", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46412", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46492", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46472", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21891" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2259914", "reference_id": "2259914", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T17:59:04Z/" } ], "url": "https://hackerone.com/reports/2259914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265720", "reference_id": "2265720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265720" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240315-0005/", "reference_id": "ntap-20240315-0005", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T17:59:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240315-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-21891" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhg4-51cg-ebaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37562?format=api", "vulnerability_id": "VCID-vkvx-gxbu-3uau", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59524", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59475", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59442", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59493", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59525", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.5949", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.5945", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055", "reference_id": "1064055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055" }, { "reference_url": "https://hackerone.com/reports/2233486", "reference_id": "2233486", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/" } ], "url": "https://hackerone.com/reports/2233486" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574", "reference_id": "2264574", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240315-0004/", "reference_id": "ntap-20240315-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240315-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1354", "reference_id": "RHSA-2024:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1424", "reference_id": "RHSA-2024:1424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1438", "reference_id": "RHSA-2024:1438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1444", "reference_id": "RHSA-2024:1444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1503", "reference_id": "RHSA-2024:1503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1510", "reference_id": "RHSA-2024:1510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1678", "reference_id": "RHSA-2024:1678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1880", "reference_id": "RHSA-2024:1880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1932", "reference_id": "RHSA-2024:1932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2651", "reference_id": "RHSA-2024:2651", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2651" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2793", "reference_id": "RHSA-2024:2793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932834?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932835?format=api", "purl": "pkg:deb/debian/nodejs@18.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-22019" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkvx-gxbu-3uau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37558?format=api", "vulnerability_id": "VCID-w6yn-qt4p-vudt", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43733", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43711", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43646", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43697", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43701", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4372", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43689", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43672", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43687", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2145862", "reference_id": "2145862", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:07:56Z/" } ], "url": "https://hackerone.com/reports/2145862" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296990", "reference_id": "2296990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296990" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/19/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:07:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/19/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/11/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:07:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/11/6" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5814", "reference_id": "RHSA-2024:5814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5815", "reference_id": "RHSA-2024:5815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5815" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932836?format=api", "purl": "pkg:deb/debian/nodejs@20.15.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.15.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-22018" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6yn-qt4p-vudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31261?format=api", "vulnerability_id": "VCID-wf5t-3pwz-c7d7", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37451", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3744", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37452", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37466", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37404", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38175", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38068", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134", "reference_id": "1094134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618", "reference_id": "2342618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "reference_url": "https://security.gentoo.org/glsa/202506-08", "reference_id": "GLSA-202506-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-08" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "reference_id": "january-2025-security-releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:50:24Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1351", "reference_id": "RHSA-2025:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1443", "reference_id": "RHSA-2025:1443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1446", "reference_id": "RHSA-2025:1446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1582", "reference_id": "RHSA-2025:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1611", "reference_id": "RHSA-2025:1611", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1611" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1613", "reference_id": "RHSA-2025:1613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1613" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932839?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932838?format=api", "purl": "pkg:deb/debian/nodejs@20.18.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.18.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932840?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-23085" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wf5t-3pwz-c7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57391?format=api", "vulnerability_id": "VCID-wpfq-sq11-fqa9", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79948", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79976", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79965", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79993", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80022", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.79998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01338", "scoring_system": "epss", "scoring_elements": "0.80027", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366", "reference_id": "1800366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0598", "reference_id": "RHSA-2020:0598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0598" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932814?format=api", "purl": "pkg:deb/debian/nodejs@10.19.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.19.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15606" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpfq-sq11-fqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62476?format=api", "vulnerability_id": "VCID-wzcw-dd7m-zkaz", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87391", "scoring_system": "epss", "scoring_elements": "0.99459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.99508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.9951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.99511", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.99512", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88764", "scoring_system": "epss", "scoring_elements": "0.99513", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1501679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1501679" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105426", "reference_id": "2105426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105426" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215", "reference_id": "CVE-2022-32215", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6389", "reference_id": "RHSA-2022:6389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6448", "reference_id": "RHSA-2022:6448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6449", "reference_id": "RHSA-2022:6449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6595", "reference_id": "RHSA-2022:6595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6985", "reference_id": "RHSA-2022:6985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6985" }, { "reference_url": "https://usn.ubuntu.com/6491-1/", "reference_id": "USN-6491-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6491-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932828?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932827?format=api", "purl": "pkg:deb/debian/nodejs@18.6.0%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.6.0%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-32215" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcw-dd7m-zkaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64953?format=api", "vulnerability_id": "VCID-x1an-pjq4-nbby", "summary": "nodejs: Nodejs file permissions bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55130.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02953", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02906", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02964", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02941", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02932", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02968", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02976", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02977", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03002", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352", "reference_id": "2431352", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases", "reference_id": "december-2025-security-releases", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:29Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1842", "reference_id": "RHSA-2026:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1843", "reference_id": "RHSA-2026:1843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2420", "reference_id": "RHSA-2026:2420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2421", "reference_id": "RHSA-2026:2421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2422", "reference_id": "RHSA-2026:2422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2767", "reference_id": "RHSA-2026:2767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2768", "reference_id": "RHSA-2026:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2781", "reference_id": "RHSA-2026:2781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2782", "reference_id": "RHSA-2026:2782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2783", "reference_id": "RHSA-2026:2783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2864", "reference_id": "RHSA-2026:2864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2899", "reference_id": "RHSA-2026:2899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2899" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932840?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932843?format=api", "purl": "pkg:deb/debian/nodejs@22.22.0%2Bdfsg%2B~cs22.19.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.0%252Bdfsg%252B~cs22.19.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-55130" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1an-pjq4-nbby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48668?format=api", "vulnerability_id": "VCID-xeay-8ec9-4bdd", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.80994", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81003", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81027", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81053", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.8106", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81078", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81064", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01491", "scoring_system": "epss", "scoring_elements": "0.81094", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256", "reference_id": "1845256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845256" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145", "reference_id": "962145", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2847", "reference_id": "RHSA-2020:2847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2848", "reference_id": "RHSA-2020:2848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2849", "reference_id": "RHSA-2020:2849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2852", "reference_id": "RHSA-2020:2852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2895", "reference_id": "RHSA-2020:2895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3042", "reference_id": "RHSA-2020:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3084", "reference_id": "RHSA-2020:3084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3084" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932817?format=api", "purl": "pkg:deb/debian/nodejs@10.21.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.21.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8174" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xeay-8ec9-4bdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63922?format=api", "vulnerability_id": "VCID-xert-byqc-xbe2", "summary": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21711.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21711.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21711", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00125", "published_at": "2026-04-04T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00149", "published_at": "2026-04-16T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00147", "published_at": "2026-04-13T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00146", "published_at": "2026-04-08T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00148", "published_at": "2026-04-12T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00245", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21711" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158", "reference_id": "2453158", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases", "reference_id": "march-2026-security-releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T15:02:57Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7350", "reference_id": "RHSA-2026:7350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7670", "reference_id": "RHSA-2026:7670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7675", "reference_id": "RHSA-2026:7675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21711" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xert-byqc-xbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69630?format=api", "vulnerability_id": "VCID-xkpz-pb5y-jqcy", "summary": "nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53731", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53629", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.5368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53727", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53711", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53693", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53633", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53661", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832", "reference_id": "1105832", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367163", "reference_id": "2367163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367163" }, { "reference_url": "https://security.archlinux.org/ASA-202505-6", "reference_id": "ASA-202505-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-6" }, { "reference_url": "https://security.archlinux.org/ASA-202505-7", "reference_id": "ASA-202505-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-7" }, { "reference_url": "https://security.archlinux.org/ASA-202505-8", "reference_id": "ASA-202505-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-8" }, { "reference_url": "https://security.archlinux.org/AVG-2871", "reference_id": "AVG-2871", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2871" }, { "reference_url": "https://security.archlinux.org/AVG-2872", "reference_id": "AVG-2872", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2872" }, { "reference_url": "https://security.archlinux.org/AVG-2873", "reference_id": "AVG-2873", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2873" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases", "reference_id": "may-2025-security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T14:11:17Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8467", "reference_id": "RHSA-2025:8467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8468", "reference_id": "RHSA-2025:8468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8493", "reference_id": "RHSA-2025:8493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8506", "reference_id": "RHSA-2025:8506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8514", "reference_id": "RHSA-2025:8514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8902", "reference_id": "RHSA-2025:8902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8902" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-23166" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkpz-pb5y-jqcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62478?format=api", "vulnerability_id": "VCID-xnzh-wpd4-63f9", "summary": "Multiple vulnerabilities have been discovered in Node.js.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78851", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78841", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78812", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78838", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78844", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78868", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.788", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.78869", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1690000", "reference_id": "1690000", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/" } ], "url": "https://hackerone.com/reports/1690000" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130517", "reference_id": "2130517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130517" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230113-0002/", "reference_id": "ntap-20230113-0002", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230113-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6963", "reference_id": "RHSA-2022:6963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6964", "reference_id": "RHSA-2022:6964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7821", "reference_id": "RHSA-2022:7821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7821" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932828?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932829?format=api", "purl": "pkg:deb/debian/nodejs@18.10.0%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.10.0%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-35255" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnzh-wpd4-63f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92660?format=api", "vulnerability_id": "VCID-xq3f-g8n8-tffp", "summary": "The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.64993", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65043", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65069", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65031", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65081", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65094", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65103", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65111", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9748" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932802?format=api", "purl": "pkg:deb/debian/nodejs@4.0.0~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@4.0.0~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9748" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xq3f-g8n8-tffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37554?format=api", "vulnerability_id": "VCID-xva8-adbf-87h3", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70418", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00637", "scoring_system": "epss", "scoring_elements": "0.70435", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75311", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75299", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.7531", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75332", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00876", "scoring_system": "epss", "scoring_elements": "0.75338", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2170226", "reference_id": "2170226", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-07T04:00:22Z/" } ], "url": "https://hackerone.com/reports/2170226" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265727", "reference_id": "2265727", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265727" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240517-0007/", "reference_id": "ntap-20240517-0007", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-07T04:00:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240517-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1687", "reference_id": "RHSA-2024:1687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1688", "reference_id": "RHSA-2024:1688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1688" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-22017" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xva8-adbf-87h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31260?format=api", "vulnerability_id": "VCID-ydzj-e97m-k3cp", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23083.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23083.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28663", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28548", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28578", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28529", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28709", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28514", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28619", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23083" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134", "reference_id": "1094134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392", "reference_id": "2339392", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "reference_url": "https://security.gentoo.org/glsa/202506-08", "reference_id": "GLSA-202506-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-08" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "reference_id": "january-2025-security-releases", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T04:55:27Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1351", "reference_id": "RHSA-2025:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1443", "reference_id": "RHSA-2025:1443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1522", "reference_id": "RHSA-2025:1522", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1522" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1611", "reference_id": "RHSA-2025:1611", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1611" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1613", "reference_id": "RHSA-2025:1613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1613" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932838?format=api", "purl": "pkg:deb/debian/nodejs@20.18.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.18.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-23083" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ydzj-e97m-k3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37537?format=api", "vulnerability_id": "VCID-yxvf-4pb4-d7ec", "summary": "Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26407", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26249", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26348", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26302", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26243", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.2645", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26224", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26292", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26339", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892", "reference_id": "1054892", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054892" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418", "reference_id": "2244418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244418" }, { "reference_url": "https://security.gentoo.org/glsa/202505-11", "reference_id": "GLSA-202505-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-11" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases", "reference_id": "october-2023-security-releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T18:03:18Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5849", "reference_id": "RHSA-2023:5849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5869", "reference_id": "RHSA-2023:5869", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7205", "reference_id": "RHSA-2023:7205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7205" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-39333" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxvf-4pb4-d7ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76927?format=api", "vulnerability_id": "VCID-yz6h-h3bb-27ee", "summary": "Node.js: Fail to Escape Arguments Properly in Microsoft Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27980.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50561", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50659", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50618", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50632", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50654", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50615", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.5058", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50607", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27980" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/10/15", "reference_id": "15", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/15" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270693", "reference_id": "2270693", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270693" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/19/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/19/3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/", "reference_id": "5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/11/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/11/6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/", "reference_id": "JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:31:55Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-27980" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6h-h3bb-27ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86186?format=api", "vulnerability_id": "VCID-z3gm-8afk-q7dv", "summary": "V8: Memory Corruption and Stack Overflow", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2014-0516.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://advisories.mageia.org/MGASA-2014-0516.html" }, { "reference_url": "http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5256.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79467", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79388", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79395", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79417", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79404", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79432", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79441", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79464", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01263", "scoring_system": "epss", "scoring_elements": "0.79437", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5256" }, { "reference_url": "http://secunia.com/advisories/61260", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61260" }, { "reference_url": "https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/joyent/node/commit/530af9cb8e700e7596b3ec812bad123c9fa06356" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684769", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684769" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:142" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125464", "reference_id": "1125464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125464" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760385", "reference_id": "760385", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760385" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.10.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.10.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nodejs:nodejs:0.8.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:nodejs:0.8.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5256", "reference_id": "CVE-2014-5256", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1744", "reference_id": "RHSA-2014:1744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1744" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932801?format=api", "purl": "pkg:deb/debian/nodejs@0.10.38~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0.10.38~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-5256" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3gm-8afk-q7dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48666?format=api", "vulnerability_id": "VCID-zckz-447u-gueb", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8172.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8172.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78718", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78725", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78739", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78764", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78771", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78795", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78778", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78769", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01183", "scoring_system": "epss", "scoring_elements": "0.78798", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8172" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845247", "reference_id": "1845247", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2847", "reference_id": "RHSA-2020:2847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2852", "reference_id": "RHSA-2020:2852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2895", "reference_id": "RHSA-2020:2895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2895" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8172" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zckz-447u-gueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48673?format=api", "vulnerability_id": "VCID-zj4d-e8r7-ufg3", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93694", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.9375", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93727", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93732", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93704", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93717", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11865", "scoring_system": "epss", "scoring_elements": "0.93726", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690", "reference_id": "1016690", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912863", "reference_id": "1912863", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912863" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364", "reference_id": "979364", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364" }, { "reference_url": "https://security.archlinux.org/ASA-202101-16", "reference_id": "ASA-202101-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-16" }, { "reference_url": "https://security.archlinux.org/AVG-1400", "reference_id": "AVG-1400", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0485", "reference_id": "RHSA-2021:0485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0521", "reference_id": "RHSA-2021:0521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0548", "reference_id": "RHSA-2021:0548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0549", "reference_id": "RHSA-2021:0549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/5563-1/", "reference_id": "USN-5563-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5563-1/" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932819?format=api", "purl": "pkg:deb/debian/nodejs@12.20.1~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.20.1~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8287" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj4d-e8r7-ufg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69629?format=api", "vulnerability_id": "VCID-znta-r3v4-hyg1", "summary": "nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57943", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57938", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57939", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57933", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57888", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57883", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23165" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832", "reference_id": "1105832", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367162", "reference_id": "2367162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367162" }, { "reference_url": "https://security.archlinux.org/ASA-202505-7", "reference_id": "ASA-202505-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-7" }, { "reference_url": "https://security.archlinux.org/ASA-202505-8", "reference_id": "ASA-202505-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-8" }, { "reference_url": "https://security.archlinux.org/AVG-2872", "reference_id": "AVG-2872", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2872" }, { "reference_url": "https://security.archlinux.org/AVG-2873", "reference_id": "AVG-2873", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2873" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases", "reference_id": "may-2025-security-releases", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T13:55:12Z/" } ], "url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8467", "reference_id": "RHSA-2025:8467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8468", "reference_id": "RHSA-2025:8468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8493", "reference_id": "RHSA-2025:8493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8506", "reference_id": "RHSA-2025:8506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8514", "reference_id": "RHSA-2025:8514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8514" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932803?format=api", "purl": "pkg:deb/debian/nodejs@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-23165" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znta-r3v4-hyg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57382?format=api", "vulnerability_id": "VCID-zrbm-htvv-eke9", "summary": "Multiple vulnerabilities have been found in Node.js, worst of which\n could allow remote attackers to write arbitrary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06647", "scoring_system": "epss", "scoring_elements": "0.91228", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92321", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92334", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92338", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92349", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92359", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08466", "scoring_system": "epss", "scoring_elements": "0.92361", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12121" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661002", "reference_id": "1661002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2258", "reference_id": "RHSA-2019:2258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3497", "reference_id": "RHSA-2019:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3497" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932810?format=api", "purl": "pkg:deb/debian/nodejs@10.15.0~dfsg-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.15.0~dfsg-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12121" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrbm-htvv-eke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18167?format=api", "vulnerability_id": "VCID-zstw-3wmu-u3c8", "summary": "llhttp vulnerable to HTTP request smuggling\nThe llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).\n\nThe CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83348", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83323", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83317", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83276", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83299", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01916", "scoring_system": "epss", "scoring_elements": "0.83308", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/nodejs/llhttp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp" }, { "reference_url": "https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1" }, { "reference_url": "https://hackerone.com/reports/2001873", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/2001873" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230803-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230803-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990", "reference_id": "1039990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219841", "reference_id": "2219841", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219841" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30589", "reference_id": "CVE-2023-30589", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30589" }, { "reference_url": "https://github.com/advisories/GHSA-cggh-pq45-6h9x", "reference_id": "GHSA-cggh-pq45-6h9x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cggh-pq45-6h9x" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4330", "reference_id": "RHSA-2023:4330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4331", "reference_id": "RHSA-2023:4331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4536", "reference_id": "RHSA-2023:4536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4537", "reference_id": "RHSA-2023:4537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5361", "reference_id": "RHSA-2023:5361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5533", "reference_id": "RHSA-2023:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5533" }, { "reference_url": "https://usn.ubuntu.com/6735-1/", "reference_id": "USN-6735-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6735-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932834?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932833?format=api", "purl": "pkg:deb/debian/nodejs@18.13.0%2Bdfsg1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.13.0%252Bdfsg1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932831?format=api", "purl": "pkg:deb/debian/nodejs@18.19.0%2Bdfsg-6~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.19.0%252Bdfsg-6~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-30589", "GHSA-cggh-pq45-6h9x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zstw-3wmu-u3c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48672?format=api", "vulnerability_id": "VCID-ztt4-vnk7-7ycq", "summary": "Multiple vulnerabilities have been found in NodeJS, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73197", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73291", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73255", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73248", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73207", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73228", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73201", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73238", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73251", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73276", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912854", "reference_id": "1912854", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912854" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364", "reference_id": "979364", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364" }, { "reference_url": "https://security.archlinux.org/ASA-202101-16", "reference_id": "ASA-202101-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-16" }, { "reference_url": "https://security.archlinux.org/AVG-1400", "reference_id": "AVG-1400", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0485", "reference_id": "RHSA-2021:0485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0521", "reference_id": "RHSA-2021:0521", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0548", "reference_id": "RHSA-2021:0548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0549", "reference_id": "RHSA-2021:0549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/6380-1/", "reference_id": "USN-6380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932819?format=api", "purl": "pkg:deb/debian/nodejs@12.20.1~dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.20.1~dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932797?format=api", "purl": "pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-38k9-23j3-eqh7" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-kj75-vmwa-gqgq" }, { "vulnerability": "VCID-sag8-repb-g3f4" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-x1an-pjq4-nbby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932795?format=api", "purl": "pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vp3-fzdr-yqbm" }, { "vulnerability": "VCID-2t7c-dju9-pff6" }, { "vulnerability": "VCID-43sf-4r41-wugc" }, { "vulnerability": "VCID-96yh-1wub-zucg" }, { "vulnerability": "VCID-98fy-tedc-ube7" }, { "vulnerability": "VCID-bjza-25hu-vkad" }, { "vulnerability": "VCID-dgkh-jdah-wfh9" }, { "vulnerability": "VCID-dt7u-3usg-9uet" }, { "vulnerability": "VCID-twc8-ewm7-wkb1" }, { "vulnerability": "VCID-u8bq-8jp4-jkem" }, { "vulnerability": "VCID-v7uy-445x-tuan" }, { "vulnerability": "VCID-wf5t-3pwz-c7d7" }, { "vulnerability": "VCID-x1an-pjq4-nbby" }, { "vulnerability": "VCID-xkpz-pb5y-jqcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932799?format=api", "purl": "pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932798?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063054?format=api", "purl": "pkg:deb/debian/nodejs@22.22.2%2Bdfsg%2B~cs22.19.15-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@22.22.2%252Bdfsg%252B~cs22.19.15-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8265" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztt4-vnk7-7ycq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1%3Fdistro=trixie" }