Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/nodejs-nodemon@2.0.19-1?arch=el9_0

Type rpm

Namespace redhat

Name nodejs-nodemon

Version 2.0.19-1

Qualifiers

arch	el9_0

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-4f1w-xpyy-2fcf

vulnerability_id

VCID-4f1w-xpyy-2fcf

summary

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28469.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28469.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28469

reference_id

reference_type

scores

value	0.00888
scoring_system	epss
scoring_elements	0.75446
published_at	2026-04-07T12:55:00Z

value	0.00888
scoring_system	epss
scoring_elements	0.75465
published_at	2026-04-04T12:55:00Z

value	0.00888
scoring_system	epss
scoring_elements	0.75434
published_at	2026-04-02T12:55:00Z

value	0.00888
scoring_system	epss
scoring_elements	0.75431
published_at	2026-04-01T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75887
published_at	2026-04-11T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75868
published_at	2026-04-12T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75851
published_at	2026-04-08T12:55:00Z

value	0.00913
scoring_system	epss
scoring_elements	0.75863
published_at	2026-04-09T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76932
published_at	2026-04-18T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76924
published_at	2026-04-21T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76886
published_at	2026-04-13T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76928
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469

reference_url

https://github.com/gulpjs/glob-parent

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/gulpjs/glob-parent

reference_url

https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9

reference_url

https://github.com/gulpjs/glob-parent/commit/4a80667c69355c76a572a5892b0f133c8e1f457e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/gulpjs/glob-parent/commit/4a80667c69355c76a572a5892b0f133c8e1f457e

reference_url

https://github.com/gulpjs/glob-parent/pull/36

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/gulpjs/glob-parent/pull/36

reference_url

https://github.com/gulpjs/glob-parent/pull/36/commits/c6db86422a9731d4f3d332ce4a81c27ea6b0ee46

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/gulpjs/glob-parent/pull/36/commits/c6db86422a9731d4f3d332ce4a81c27ea6b0ee46

reference_url

https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28469

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28469

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092

reference_url

https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1945459
reference_id	1945459
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1945459

reference_url

https://github.com/advisories/GHSA-ww39-953v-wcq6

reference_id

GHSA-ww39-953v-wcq6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ww39-953v-wcq6

reference_url	https://access.redhat.com/errata/RHSA-2021:2438
reference_id	RHSA-2021:2438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2438

reference_url	https://access.redhat.com/errata/RHSA-2021:2865
reference_id	RHSA-2021:2865
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2865

reference_url	https://access.redhat.com/errata/RHSA-2021:3280
reference_id	RHSA-2021:3280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3280

reference_url	https://access.redhat.com/errata/RHSA-2021:3281
reference_id	RHSA-2021:3281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3281

reference_url	https://access.redhat.com/errata/RHSA-2021:4626
reference_id	RHSA-2021:4626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4626

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

fixed_packages

aliases

CVE-2020-28469, GHSA-ww39-953v-wcq6

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4f1w-xpyy-2fcf

url

VCID-7tyw-ppyt-zqgr

vulnerability_id

VCID-7tyw-ppyt-zqgr

summary

ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
### Overview
The `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.

If an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.

### Patches

This has been patched in 1.3.6.

### Steps to reproduce

payload.ini
```
[__proto__]
polluted = "polluted"
```

poc.js:
```
var fs = require('fs')
var ini = require('ini')

var parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))
console.log(parsed)
console.log(parsed.__proto__)
console.log(polluted)
```

```
> node poc.js
{}
{ polluted: 'polluted' }
{ polluted: 'polluted' }
polluted
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7788

reference_id

reference_type

scores

value	0.00291
scoring_system	epss
scoring_elements	0.5253
published_at	2026-04-21T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52398
published_at	2026-04-01T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52444
published_at	2026-04-02T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52471
published_at	2026-04-04T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52437
published_at	2026-04-07T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52489
published_at	2026-04-08T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52484
published_at	2026-04-09T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52535
published_at	2026-04-11T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52518
published_at	2026-04-12T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52502
published_at	2026-04-13T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52541
published_at	2026-04-16T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52546
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7788

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788

reference_url

https://github.com/npm/ini

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/ini

reference_url

https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1

reference_url

https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7788

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7788

reference_url

https://snyk.io/vuln/SNYK-JS-INI-1048974

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-INI-1048974

reference_url

https://www.npmjs.com/advisories/1589

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1589

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1907444
reference_id	1907444
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1907444

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718
reference_id	977718
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718

reference_url

https://github.com/advisories/GHSA-qqgx-2p2h-9c37

reference_id

GHSA-qqgx-2p2h-9c37

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qqgx-2p2h-9c37

reference_url	https://access.redhat.com/errata/RHSA-2021:0421
reference_id	RHSA-2021:0421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0421

reference_url	https://access.redhat.com/errata/RHSA-2021:0485
reference_id	RHSA-2021:0485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0485

reference_url	https://access.redhat.com/errata/RHSA-2021:0521
reference_id	RHSA-2021:0521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0521

reference_url	https://access.redhat.com/errata/RHSA-2021:0548
reference_id	RHSA-2021:0548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0548

reference_url	https://access.redhat.com/errata/RHSA-2021:0549
reference_id	RHSA-2021:0549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0549

reference_url	https://access.redhat.com/errata/RHSA-2021:0551
reference_id	RHSA-2021:0551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0551

reference_url	https://access.redhat.com/errata/RHSA-2021:3280
reference_id	RHSA-2021:3280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3280

reference_url	https://access.redhat.com/errata/RHSA-2021:3281
reference_id	RHSA-2021:3281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3281

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

fixed_packages

aliases

CVE-2020-7788, GHSA-qqgx-2p2h-9c37

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-7tyw-ppyt-zqgr

url

VCID-c86y-234c-s3hu

vulnerability_id

VCID-c86y-234c-s3hu

summary

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3807.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3807.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3807

reference_id

reference_type

scores

value	0.00215
scoring_system	epss
scoring_elements	0.4403
published_at	2026-04-21T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44096
published_at	2026-04-18T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44105
published_at	2026-04-16T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44069
published_at	2026-04-02T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44043
published_at	2026-04-13T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44021
published_at	2026-04-01T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44092
published_at	2026-04-11T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44023
published_at	2026-04-07T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44074
published_at	2026-04-08T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44059
published_at	2026-04-12T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44076
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3807

reference_url

https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/chalk/ansi-regex

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/chalk/ansi-regex

reference_url

https://github.com/chalk/ansi-regex/commit/419250fa510bf31b4cc672e76537a64f9332e1f1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/chalk/ansi-regex/commit/419250fa510bf31b4cc672e76537a64f9332e1f1

reference_url

https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a

reference_url

https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9

reference_url

https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8

reference_url

https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311

reference_url

https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774

reference_url

https://github.com/chalk/ansi-regex/releases/tag/v6.0.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/chalk/ansi-regex/releases/tag/v6.0.1

reference_url

https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994

reference_url

https://security.netapp.com/advisory/ntap-20221014-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221014-0002

reference_url	https://security.netapp.com/advisory/ntap-20221014-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221014-0002/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2007557
reference_id	2007557
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2007557

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994568
reference_id	994568
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994568

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3807

reference_id

CVE-2021-3807

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3807

reference_url

https://github.com/advisories/GHSA-93q8-gq69-wqmw

reference_id

GHSA-93q8-gq69-wqmw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-93q8-gq69-wqmw

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4711
reference_id	RHSA-2022:4711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4711

reference_url	https://access.redhat.com/errata/RHSA-2022:4814
reference_id	RHSA-2022:4814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4814

reference_url	https://access.redhat.com/errata/RHSA-2022:5483
reference_id	RHSA-2022:5483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5483

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:5555
reference_id	RHSA-2022:5555
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5555

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

aliases

CVE-2021-3807, GHSA-93q8-gq69-wqmw

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-c86y-234c-s3hu

url

VCID-vg3f-8mjh-bbf5

vulnerability_id

VCID-vg3f-8mjh-bbf5

summary

Got allows a redirect to a UNIX socket
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33987.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33987.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-33987

reference_id

reference_type

scores

value	0.00807
scoring_system	epss
scoring_elements	0.74228
published_at	2026-04-18T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74181
published_at	2026-04-13T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74219
published_at	2026-04-21T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74138
published_at	2026-04-02T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74164
published_at	2026-04-04T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74136
published_at	2026-04-07T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74169
published_at	2026-04-08T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74184
published_at	2026-04-09T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74205
published_at	2026-04-11T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74187
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-33987

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987

reference_url

https://github.com/sindresorhus/got

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/got

reference_url

https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc

reference_url

https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0

reference_url

https://github.com/sindresorhus/got/pull/2047

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/got/pull/2047

reference_url

https://github.com/sindresorhus/got/releases/tag/v11.8.5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/got/releases/tag/v11.8.5

reference_url

https://github.com/sindresorhus/got/releases/tag/v12.1.0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/got/releases/tag/v12.1.0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-33987

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-33987

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013264
reference_id	1013264
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013264

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2102001
reference_id	2102001
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2102001

reference_url

https://github.com/advisories/GHSA-pfrx-2q88-qq97

reference_id

GHSA-pfrx-2q88-qq97

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pfrx-2q88-qq97

reference_url	https://access.redhat.com/errata/RHSA-2022:6389
reference_id	RHSA-2022:6389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6389

reference_url	https://access.redhat.com/errata/RHSA-2022:6448
reference_id	RHSA-2022:6448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6448

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2022:6985
reference_id	RHSA-2022:6985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6985

fixed_packages

aliases

CVE-2022-33987, GHSA-pfrx-2q88-qq97

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-vg3f-8mjh-bbf5

url

VCID-vg7c-pctm-m7gn

vulnerability_id

VCID-vg7c-pctm-m7gn

summary

ReDoS in normalize-url
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33502.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33502.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-33502

reference_id

reference_type

scores

value	0.00355
scoring_system	epss
scoring_elements	0.57819
published_at	2026-04-13T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57824
published_at	2026-04-21T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57847
published_at	2026-04-18T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57848
published_at	2026-04-16T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.64273
published_at	2026-04-07T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.6423
published_at	2026-04-01T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.64288
published_at	2026-04-02T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.64316
published_at	2026-04-04T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.64338
published_at	2026-04-12T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.64349
published_at	2026-04-11T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.64336
published_at	2026-04-09T12:55:00Z

value	0.00464
scoring_system	epss
scoring_elements	0.64322
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-33502

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502

reference_url

https://github.com/sindresorhus/normalize-url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/normalize-url

reference_url

https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103

reference_url

https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-33502

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-33502

reference_url

https://security.netapp.com/advisory/ntap-20210706-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210706-0001

reference_url	https://security.netapp.com/advisory/ntap-20210706-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210706-0001/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1964461
reference_id	1964461
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1964461

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989258
reference_id	989258
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989258

reference_url

https://github.com/advisories/GHSA-px4h-xg32-q955

reference_id

GHSA-px4h-xg32-q955

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-px4h-xg32-q955

reference_url	https://access.redhat.com/errata/RHSA-2021:2931
reference_id	RHSA-2021:2931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2931

reference_url	https://access.redhat.com/errata/RHSA-2021:2932
reference_id	RHSA-2021:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2932

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4711
reference_id	RHSA-2022:4711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4711

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

fixed_packages

aliases

CVE-2021-33502, GHSA-px4h-xg32-q955

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-vg7c-pctm-m7gn

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs-nodemon@2.0.19-1%3Farch=el9_0

Package Instance