Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/npm@6.14.6%2Bds-1?distro=trixie

Type deb

Namespace debian

Name npm

Version 6.14.6+ds-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.24.0+ds-2

Latest_non_vulnerable_version 11.12.1~ds1-4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-e2wc-na6c-c3cr

vulnerability_id VCID-e2wc-na6c-c3cr

summary

npm CLI exposing sensitive information through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15095

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.27647
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27803
published_at	2026-04-01T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27853
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27894
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27685
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27753
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27796
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27802
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.2776
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27702
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27712
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27686
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07

reference_url

https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc

reference_url

https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15095

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15095

reference_url

https://security.gentoo.org/glsa/202101-07

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202101-07

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1856875
reference_id	1856875
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1856875

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746
reference_id	964746
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746

reference_url

https://github.com/advisories/GHSA-93f3-23rq-pjfp

reference_id

GHSA-93f3-23rq-pjfp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-93f3-23rq-pjfp

reference_url	https://access.redhat.com/errata/RHSA-2020:4272
reference_id	RHSA-2020:4272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4272

reference_url	https://access.redhat.com/errata/RHSA-2020:4903
reference_id	RHSA-2020:4903
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4903

reference_url	https://access.redhat.com/errata/RHSA-2020:5086
reference_id	RHSA-2020:5086
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5086

reference_url	https://access.redhat.com/errata/RHSA-2021:0521
reference_id	RHSA-2021:0521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0521

reference_url	https://access.redhat.com/errata/RHSA-2021:0548
reference_id	RHSA-2021:0548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0548

fixed_packages

url	pkg:deb/debian/npm@6.14.6%2Bds-1?distro=trixie
purl	pkg:deb/debian/npm@6.14.6%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@6.14.6%252Bds-1%3Fdistro=trixie

url pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie

purl pkg:deb/debian/npm@7.5.2%2Bds-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-368z-yjtu-m3hc

vulnerability	VCID-9vk1-2ysq-3ygd

vulnerability	VCID-myru-vzn7-u7cf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@7.5.2%252Bds-2%3Fdistro=trixie

url	pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
purl	pkg:deb/debian/npm@9.2.0~ds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-1%3Fdistro=trixie

url	pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
purl	pkg:deb/debian/npm@9.2.0~ds1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds1-3%3Fdistro=trixie

url	pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
purl	pkg:deb/debian/npm@9.2.0~ds3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@9.2.0~ds3-1%3Fdistro=trixie

url	pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
purl	pkg:deb/debian/npm@11.12.1~ds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-2%3Fdistro=trixie

url	pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
purl	pkg:deb/debian/npm@11.12.1~ds1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-3%3Fdistro=trixie

url	pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
purl	pkg:deb/debian/npm@11.12.1~ds1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@11.12.1~ds1-4%3Fdistro=trixie

aliases CVE-2020-15095, GHSA-93f3-23rq-pjfp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2wc-na6c-c3cr

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/npm@6.14.6%252Bds-1%3Fdistro=trixie

Package Instance