Package Instance

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc

reference_url

https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1999731
reference_id	1999731
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1999731

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-37701

reference_id

CVE-2021-37701

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-37701

reference_url

https://github.com/advisories/GHSA-9r2w-394v-53qc

reference_id

GHSA-9r2w-394v-53qc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9r2w-394v-53qc

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:5086
reference_id	RHSA-2021:5086
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5086

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

fixed_packages

aliases

CVE-2021-37701, GHSA-9r2w-394v-53qc

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-1tz4-bphw-rbd3

url

VCID-5cf7-va9h-h3gy

vulnerability_id

VCID-5cf7-va9h-h3gy

summary

Improper Certificate Validation
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44531

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22783
published_at	2026-04-01T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22952
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22996
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22789
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22863
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22916
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22936
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22899
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22843
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22856
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22851
published_at	2026-04-18T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2281
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22647
published_at	2026-04-24T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2264
published_at	2026-04-26T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22635
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1429694
reference_id
reference_type
scores
url	https://hackerone.com/reports/1429694

reference_url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/

reference_url	https://security.netapp.com/advisory/ntap-20220325-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220325-0007/

reference_url	https://www.debian.org/security/2022/dsa-5170
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5170

reference_url	https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040839
reference_id	2040839
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040839

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44531
reference_id	CVE-2021-44531
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44531

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

aliases

CVE-2021-44531

risk_score

3.4

exploitability

0.5

weighted_severity

6.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-5cf7-va9h-h3gy

url

VCID-7mtb-yaq7-77ep

vulnerability_id

VCID-7mtb-yaq7-77ep

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The npm package "tar" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-37712

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24623
published_at	2026-04-01T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24643
published_at	2026-04-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24626
published_at	2026-04-09T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2458
published_at	2026-04-08T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24509
published_at	2026-04-07T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24737
published_at	2026-04-04T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24698
published_at	2026-04-02T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24413
published_at	2026-04-29T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24454
published_at	2026-04-26T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24468
published_at	2026-04-24T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24523
published_at	2026-04-21T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24548
published_at	2026-04-18T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24557
published_at	2026-04-16T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24545
published_at	2026-04-13T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.246
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-37712

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/isaacs/node-tar/commit/1739408d3122af897caefd09662bce2ea477533b

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/isaacs/node-tar/commit/1739408d3122af897caefd09662bce2ea477533b

reference_url

https://github.com/isaacs/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/isaacs/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a

reference_url

https://github.com/isaacs/node-tar/commit/3aaf19b2501bbddb145d92b3322c80dcaed3c35f

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/isaacs/node-tar/commit/3aaf19b2501bbddb145d92b3322c80dcaed3c35f

reference_url

https://github.com/isaacs/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/isaacs/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455

reference_url

https://github.com/isaacs/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/isaacs/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e

reference_url

https://github.com/isaacs/node-tar/commit/d56f790bda9fea807dd80c5083f24771dbdd6eb1

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/isaacs/node-tar/commit/d56f790bda9fea807dd80c5083f24771dbdd6eb1

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1999739
reference_id	1999739
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1999739

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993981
reference_id	993981
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993981

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-37712

reference_id

CVE-2021-37712

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-37712

reference_url

https://github.com/advisories/GHSA-qq89-hq3f-393p

reference_id

GHSA-qq89-hq3f-393p

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qq89-hq3f-393p

reference_url

https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p

reference_id

GHSA-qq89-hq3f-393p

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:5086
reference_id	RHSA-2021:5086
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5086

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

fixed_packages

aliases

CVE-2021-37712, GHSA-qq89-hq3f-393p

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-7mtb-yaq7-77ep

url

VCID-e18p-c3m9-2qgy

vulnerability_id

VCID-e18p-c3m9-2qgy

summary

Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44532

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32731
published_at	2026-04-01T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32862
published_at	2026-04-02T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32897
published_at	2026-04-04T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32718
published_at	2026-04-21T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32765
published_at	2026-04-08T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32792
published_at	2026-04-09T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32794
published_at	2026-04-11T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32756
published_at	2026-04-12T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.3273
published_at	2026-04-13T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32771
published_at	2026-04-16T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32748
published_at	2026-04-18T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32567
published_at	2026-04-24T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32451
published_at	2026-04-26T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32368
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040846
reference_id	2040846
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040846

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

aliases

CVE-2021-44532

risk_score

3.4

exploitability

0.5

weighted_severity

6.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-e18p-c3m9-2qgy

url

VCID-gwyr-ac4e-dqfa

vulnerability_id

VCID-gwyr-ac4e-dqfa

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
The llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22959

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43692
published_at	2026-04-01T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43574
published_at	2026-04-29T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43652
published_at	2026-04-24T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43657
published_at	2026-04-26T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43747
published_at	2026-04-02T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43772
published_at	2026-04-04T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43706
published_at	2026-04-07T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43756
published_at	2026-04-08T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43759
published_at	2026-04-09T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43779
published_at	2026-04-11T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43746
published_at	2026-04-12T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.4373
published_at	2026-04-13T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43791
published_at	2026-04-16T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43783
published_at	2026-04-18T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43715
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1238709
reference_id
reference_type
scores
url	https://hackerone.com/reports/1238709

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2014057
reference_id	2014057
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2014057

reference_url	https://security.archlinux.org/ASA-202110-4
reference_id	ASA-202110-4
reference_type
scores
url	https://security.archlinux.org/ASA-202110-4

reference_url

reference_id

AVG-2460

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

http://public2.vulnerablecode.io/vulnerabilities/VCID-gwyr-ac4e-dqfa

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-22959
reference_id	CVE-2021-22959
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-22959

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

fixed_packages

aliases

CVE-2021-22959

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

url

VCID-hwk3-sg9p-wqe7

vulnerability_id

VCID-hwk3-sg9p-wqe7

summary

json-schema is vulnerable to Prototype Pollution
json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3918.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3918.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3918

reference_id

reference_type

scores

value	0.01262
scoring_system	epss
scoring_elements	0.7952
published_at	2026-04-29T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79504
published_at	2026-04-26T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79497
published_at	2026-04-24T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79466
published_at	2026-04-21T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79462
published_at	2026-04-18T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79464
published_at	2026-04-16T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79433
published_at	2026-04-13T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79384
published_at	2026-04-01T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.7946
published_at	2026-04-11T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79437
published_at	2026-04-09T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79428
published_at	2026-04-08T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.794
published_at	2026-04-07T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79413
published_at	2026-04-04T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79391
published_at	2026-04-02T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79443
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3918

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3918
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3918

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/kriszyp/json-schema

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/kriszyp/json-schema

reference_url

https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741

reference_url

https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a

reference_url

https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa

reference_url

https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9

reference_url

https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html

reference_url

https://security.netapp.com/advisory/ntap-20250117-0004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250117-0004

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2024702
reference_id	2024702
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2024702

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999765
reference_id	999765
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999765

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3918

reference_id

CVE-2021-3918

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3918

reference_url

https://github.com/advisories/GHSA-896r-f27r-55mw

reference_id

GHSA-896r-f27r-55mw

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-896r-f27r-55mw

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0041
reference_id	RHSA-2022:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0041

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:4956
reference_id	RHSA-2022:4956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4956

reference_url	https://usn.ubuntu.com/6103-1/
reference_id	USN-6103-1
reference_type
scores
url	https://usn.ubuntu.com/6103-1/

fixed_packages

aliases

CVE-2021-3918, GHSA-896r-f27r-55mw

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hwk3-sg9p-wqe7

url

VCID-m5ae-uc68-d3g2

vulnerability_id

VCID-m5ae-uc68-d3g2

summary

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21824

reference_id

reference_type

scores

value	0.00335
scoring_system	epss
scoring_elements	0.56291
published_at	2026-04-29T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56372
published_at	2026-04-21T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56293
published_at	2026-04-24T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56313
published_at	2026-04-26T12:55:00Z

value	0.00505
scoring_system	epss
scoring_elements	0.66171
published_at	2026-04-02T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71088
published_at	2026-04-09T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71111
published_at	2026-04-11T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71096
published_at	2026-04-12T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.7108
published_at	2026-04-13T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71126
published_at	2026-04-16T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71134
published_at	2026-04-18T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71033
published_at	2026-04-07T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71076
published_at	2026-04-08T12:55:00Z

value	0.0066
scoring_system	epss
scoring_elements	0.71058
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1431042
reference_id
reference_type
scores
url	https://hackerone.com/reports/1431042

reference_url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/

reference_url	https://security.netapp.com/advisory/ntap-20220325-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220325-0007/

reference_url	https://security.netapp.com/advisory/ntap-20220729-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220729-0004/

reference_url	https://www.debian.org/security/2022/dsa-5170
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5170

reference_url	https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040862
reference_id	2040862
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040862

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-21824
reference_id	CVE-2022-21824
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-21824

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

aliases

CVE-2022-21824

risk_score

3.7

exploitability

0.5

weighted_severity

7.4

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ae-uc68-d3g2

url

VCID-ms5y-gp7v-2qay

vulnerability_id

VCID-ms5y-gp7v-2qay

summary

Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44533

reference_id

reference_type

scores

value	0.00364
scoring_system	epss
scoring_elements	0.58428
published_at	2026-04-29T12:55:00Z

value	0.00364
scoring_system	epss
scoring_elements	0.58467
published_at	2026-04-21T12:55:00Z

value	0.00364
scoring_system	epss
scoring_elements	0.58429
published_at	2026-04-24T12:55:00Z

value	0.00364
scoring_system	epss
scoring_elements	0.58442
published_at	2026-04-26T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.6195
published_at	2026-04-04T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61987
published_at	2026-04-09T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62008
published_at	2026-04-11T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61997
published_at	2026-04-12T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61977
published_at	2026-04-13T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62019
published_at	2026-04-16T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62024
published_at	2026-04-18T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61846
published_at	2026-04-01T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.61969
published_at	2026-04-08T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.6192
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177
reference_id	1004177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2040856
reference_id	2040856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2040856

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:4914
reference_id	RHSA-2022:4914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4914

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2022:9073
reference_id	RHSA-2022:9073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9073

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

aliases

CVE-2021-44533

risk_score

3.4

exploitability

0.5

weighted_severity

6.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5y-gp7v-2qay

url

VCID-tnhd-rr89-9udh

vulnerability_id

VCID-tnhd-rr89-9udh

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
The parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22960

reference_id

reference_type

scores

value	0.00229
scoring_system	epss
scoring_elements	0.45642
published_at	2026-04-01T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.456
published_at	2026-04-29T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45651
published_at	2026-04-24T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.4566
published_at	2026-04-26T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45709
published_at	2026-04-02T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45729
published_at	2026-04-13T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45677
published_at	2026-04-07T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45733
published_at	2026-04-08T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45751
published_at	2026-04-11T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45721
published_at	2026-04-12T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45779
published_at	2026-04-16T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45773
published_at	2026-04-18T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.4572
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1238099
reference_id
reference_type
scores
url	https://hackerone.com/reports/1238099

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2014059
reference_id	2014059
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2014059

reference_url	https://security.archlinux.org/ASA-202110-4
reference_id	ASA-202110-4
reference_type
scores
url	https://security.archlinux.org/ASA-202110-4

reference_url

reference_id

AVG-2460

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url