Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

Type deb

Namespace debian

Name nodejs

Version 18.20.4+dfsg-1~deb12u1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 20.19.2+dfsg-1

Latest_non_vulnerable_version 20.19.2+dfsg-1

Affected_by_vulnerabilities

url VCID-1vp3-fzdr-yqbm

vulnerability_id VCID-1vp3-fzdr-yqbm

summary Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21715.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21715.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21715

reference_id

reference_type

scores

value	4e-05
scoring_system	epss
scoring_elements	0.00177
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00201
published_at	2026-04-08T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.002
published_at	2026-04-09T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00202
published_at	2026-04-13T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00204
published_at	2026-04-16T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00205
published_at	2026-04-29T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00208
published_at	2026-04-24T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00207
published_at	2026-04-26T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00216
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21715

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453152
reference_id	2453152
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453152

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2026-21715

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vp3-fzdr-yqbm

url VCID-2t7c-dju9-pff6

vulnerability_id VCID-2t7c-dju9-pff6

summary Node.js: Node.js: Information disclosure via timing oracle in HMAC verification

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21713.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21713.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21713

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.0144
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03543
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05611
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05575
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05613
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05638
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05602
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05595
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05546
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0556
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07607
published_at	2026-04-26T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07629
published_at	2026-04-24T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07571
published_at	2026-04-29T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07681
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21713

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21713
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21713

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453160
reference_id	2453160
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453160

reference_url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_id

march-2026-security-releases

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T19:45:13Z/

url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2026-21713

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2t7c-dju9-pff6

url VCID-43sf-4r41-wugc

vulnerability_id VCID-43sf-4r41-wugc

summary nodejs: Nodejs filesystem permissions bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55132.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55132.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55132

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01084
published_at	2026-04-02T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01149
published_at	2026-04-29T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01068
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01077
published_at	2026-04-18T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01142
published_at	2026-04-24T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01085
published_at	2026-04-04T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01091
published_at	2026-04-07T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01096
published_at	2026-04-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.0108
published_at	2026-04-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01073
published_at	2026-04-12T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01075
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55132

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55132
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55132

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431338
reference_id	2431338
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431338

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	2.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T18:38:44Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:1842
reference_id	RHSA-2026:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1842

reference_url	https://access.redhat.com/errata/RHSA-2026:1843
reference_id	RHSA-2026:1843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1843

reference_url	https://access.redhat.com/errata/RHSA-2026:2420
reference_id	RHSA-2026:2420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2420

reference_url	https://access.redhat.com/errata/RHSA-2026:2421
reference_id	RHSA-2026:2421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2421

reference_url	https://access.redhat.com/errata/RHSA-2026:2422
reference_id	RHSA-2026:2422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2422

reference_url	https://access.redhat.com/errata/RHSA-2026:2781
reference_id	RHSA-2026:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2781

reference_url	https://access.redhat.com/errata/RHSA-2026:2782
reference_id	RHSA-2026:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2782

reference_url	https://access.redhat.com/errata/RHSA-2026:2783
reference_id	RHSA-2026:2783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2783

reference_url	https://access.redhat.com/errata/RHSA-2026:6402
reference_id	RHSA-2026:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6402

reference_url	https://access.redhat.com/errata/RHSA-2026:6431
reference_id	RHSA-2026:6431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6431

reference_url	https://access.redhat.com/errata/RHSA-2026:7378
reference_id	RHSA-2026:7378
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7378

reference_url	https://access.redhat.com/errata/RHSA-2026:7386
reference_id	RHSA-2026:7386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7386

reference_url	https://access.redhat.com/errata/RHSA-2026:7387
reference_id	RHSA-2026:7387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7387

reference_url	https://access.redhat.com/errata/RHSA-2026:7657
reference_id	RHSA-2026:7657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7657

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2025-55132

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43sf-4r41-wugc

url VCID-96yh-1wub-zucg

vulnerability_id VCID-96yh-1wub-zucg

summary Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21714.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21714.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21714

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.0161
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02382
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02672
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02664
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02682
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0377
published_at	2026-04-29T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03389
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03392
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03414
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03372
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03344
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03718
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03722
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03725
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21714

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21714
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21714

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453161
reference_id	2453161
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453161

reference_url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_id

march-2026-security-releases

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T16:14:45Z/

url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2026-21714

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96yh-1wub-zucg

url VCID-98fy-tedc-ube7

vulnerability_id VCID-98fy-tedc-ube7

summary nodejs: Nodejs uninitialized memory exposure

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55131.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55131.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55131

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.09833
published_at	2026-04-02T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09836
published_at	2026-04-29T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09865
published_at	2026-04-21T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09911
published_at	2026-04-24T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09877
published_at	2026-04-26T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09884
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09783
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09855
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09908
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09913
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09876
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09861
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09742
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09715
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55131

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431350
reference_id	2431350
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431350

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:31Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:1842
reference_id	RHSA-2026:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1842

reference_url	https://access.redhat.com/errata/RHSA-2026:1843
reference_id	RHSA-2026:1843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1843

reference_url	https://access.redhat.com/errata/RHSA-2026:2420
reference_id	RHSA-2026:2420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2420

reference_url	https://access.redhat.com/errata/RHSA-2026:2421
reference_id	RHSA-2026:2421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2421

reference_url	https://access.redhat.com/errata/RHSA-2026:2422
reference_id	RHSA-2026:2422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2422

reference_url	https://access.redhat.com/errata/RHSA-2026:2767
reference_id	RHSA-2026:2767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2767

reference_url	https://access.redhat.com/errata/RHSA-2026:2768
reference_id	RHSA-2026:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2768

reference_url	https://access.redhat.com/errata/RHSA-2026:2781
reference_id	RHSA-2026:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2781

reference_url	https://access.redhat.com/errata/RHSA-2026:2782
reference_id	RHSA-2026:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2782

reference_url	https://access.redhat.com/errata/RHSA-2026:2783
reference_id	RHSA-2026:2783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2783

reference_url	https://access.redhat.com/errata/RHSA-2026:2864
reference_id	RHSA-2026:2864
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2864

reference_url	https://access.redhat.com/errata/RHSA-2026:2899
reference_id	RHSA-2026:2899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2899

reference_url	https://access.redhat.com/errata/RHSA-2026:6402
reference_id	RHSA-2026:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6402

reference_url	https://access.redhat.com/errata/RHSA-2026:6431
reference_id	RHSA-2026:6431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6431

reference_url	https://access.redhat.com/errata/RHSA-2026:7378
reference_id	RHSA-2026:7378
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7378

reference_url	https://access.redhat.com/errata/RHSA-2026:7386
reference_id	RHSA-2026:7386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7386

reference_url	https://access.redhat.com/errata/RHSA-2026:7387
reference_id	RHSA-2026:7387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7387

reference_url	https://access.redhat.com/errata/RHSA-2026:7657
reference_id	RHSA-2026:7657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7657

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2025-55131

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98fy-tedc-ube7

url VCID-bjza-25hu-vkad

vulnerability_id VCID-bjza-25hu-vkad

summary nodejs: Nodejs denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21637.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21637.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21637

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.1369
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13426
published_at	2026-04-29T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13551
published_at	2026-04-21T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13564
published_at	2026-04-24T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13535
published_at	2026-04-26T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13752
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13552
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13633
published_at	2026-04-08T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13684
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13654
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13618
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1357
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13484
published_at	2026-04-16T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1348
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21637

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431340
reference_id	2431340
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431340

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:22:28Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:1842
reference_id	RHSA-2026:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1842

reference_url	https://access.redhat.com/errata/RHSA-2026:1843
reference_id	RHSA-2026:1843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1843

reference_url	https://access.redhat.com/errata/RHSA-2026:2420
reference_id	RHSA-2026:2420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2420

reference_url	https://access.redhat.com/errata/RHSA-2026:2421
reference_id	RHSA-2026:2421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2421

reference_url	https://access.redhat.com/errata/RHSA-2026:2422
reference_id	RHSA-2026:2422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2422

reference_url	https://access.redhat.com/errata/RHSA-2026:2767
reference_id	RHSA-2026:2767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2767

reference_url	https://access.redhat.com/errata/RHSA-2026:2768
reference_id	RHSA-2026:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2768

reference_url	https://access.redhat.com/errata/RHSA-2026:2781
reference_id	RHSA-2026:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2781

reference_url	https://access.redhat.com/errata/RHSA-2026:2782
reference_id	RHSA-2026:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2782

reference_url	https://access.redhat.com/errata/RHSA-2026:2783
reference_id	RHSA-2026:2783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2783

reference_url	https://access.redhat.com/errata/RHSA-2026:2864
reference_id	RHSA-2026:2864
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2864

reference_url	https://access.redhat.com/errata/RHSA-2026:2899
reference_id	RHSA-2026:2899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2899

reference_url	https://access.redhat.com/errata/RHSA-2026:6402
reference_id	RHSA-2026:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6402

reference_url	https://access.redhat.com/errata/RHSA-2026:6431
reference_id	RHSA-2026:6431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6431

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7386
reference_id	RHSA-2026:7386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7386

reference_url	https://access.redhat.com/errata/RHSA-2026:7387
reference_id	RHSA-2026:7387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7387

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2026-21637

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjza-25hu-vkad

url VCID-dgkh-jdah-wfh9

vulnerability_id VCID-dgkh-jdah-wfh9

summary nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21717.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21717.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21717

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04143
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05391
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07439
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07373
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07429
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07452
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07425
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07414
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07343
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07331
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10135
published_at	2026-04-26T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10156
published_at	2026-04-24T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10078
published_at	2026-04-29T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10176
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21717

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21717
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21717

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453162
reference_id	2453162
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453162

reference_url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_id

march-2026-security-releases

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T19:46:02Z/

url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:6402
reference_id	RHSA-2026:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6402

reference_url	https://access.redhat.com/errata/RHSA-2026:6431
reference_id	RHSA-2026:6431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6431

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7386
reference_id	RHSA-2026:7386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7386

reference_url	https://access.redhat.com/errata/RHSA-2026:7387
reference_id	RHSA-2026:7387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7387

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2026-21717

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgkh-jdah-wfh9

url VCID-dt7u-3usg-9uet

vulnerability_id VCID-dt7u-3usg-9uet

summary Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21710.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21710.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21710

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.0252
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03788
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05805
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05762
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05801
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05826
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05797
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0579
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05755
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05763
published_at	2026-04-18T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08043
published_at	2026-04-26T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08078
published_at	2026-04-24T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08015
published_at	2026-04-29T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08124
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453151
reference_id	2453151
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453151

reference_url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_id

march-2026-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:20Z/

url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:7080
reference_id	RHSA-2026:7080
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7080

reference_url	https://access.redhat.com/errata/RHSA-2026:7123
reference_id	RHSA-2026:7123
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7123

reference_url	https://access.redhat.com/errata/RHSA-2026:7302
reference_id	RHSA-2026:7302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7302

reference_url	https://access.redhat.com/errata/RHSA-2026:7310
reference_id	RHSA-2026:7310
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7310

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

reference_url	https://access.redhat.com/errata/RHSA-2026:7896
reference_id	RHSA-2026:7896
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7896

reference_url	https://access.redhat.com/errata/RHSA-2026:7983
reference_id	RHSA-2026:7983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7983

reference_url	https://access.redhat.com/errata/RHSA-2026:8339
reference_id	RHSA-2026:8339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8339

reference_url	https://access.redhat.com/errata/RHSA-2026:9711
reference_id	RHSA-2026:9711
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9711

reference_url	https://access.redhat.com/errata/RHSA-2026:9874
reference_id	RHSA-2026:9874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9874

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2026-21710

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dt7u-3usg-9uet

url VCID-twc8-ewm7-wkb1

vulnerability_id VCID-twc8-ewm7-wkb1

summary nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21716.json

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21716.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21716

reference_id

reference_type

scores

value	4e-05
scoring_system	epss
scoring_elements	0.00177
published_at	2026-04-02T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00202
published_at	2026-04-26T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00198
published_at	2026-04-13T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00199
published_at	2026-04-29T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00201
published_at	2026-04-21T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00169
published_at	2026-04-04T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00196
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21716

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21716
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21716

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453157
reference_id	2453157
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453157

reference_url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_id

march-2026-security-releases

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:27:06Z/

url

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:6402
reference_id	RHSA-2026:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6402

reference_url	https://access.redhat.com/errata/RHSA-2026:6431
reference_id	RHSA-2026:6431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6431

reference_url	https://access.redhat.com/errata/RHSA-2026:7350
reference_id	RHSA-2026:7350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7350

reference_url	https://access.redhat.com/errata/RHSA-2026:7386
reference_id	RHSA-2026:7386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7386

reference_url	https://access.redhat.com/errata/RHSA-2026:7387
reference_id	RHSA-2026:7387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7387

reference_url	https://access.redhat.com/errata/RHSA-2026:7670
reference_id	RHSA-2026:7670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7670

reference_url	https://access.redhat.com/errata/RHSA-2026:7675
reference_id	RHSA-2026:7675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7675

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2026-21716

risk_score 1.7

exploitability 0.5

weighted_severity 3.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twc8-ewm7-wkb1

url VCID-u8bq-8jp4-jkem

vulnerability_id VCID-u8bq-8jp4-jkem

summary nodejs: Nodejs denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59466.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59466.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59466

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.0809
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08064
published_at	2026-04-29T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08171
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08127
published_at	2026-04-24T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08091
published_at	2026-04-26T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08133
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08085
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08146
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08168
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0816
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0814
published_at	2026-04-12T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08123
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0803
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08015
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59466

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431343
reference_id	2431343
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431343

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T18:38:35Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:1842
reference_id	RHSA-2026:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1842

reference_url	https://access.redhat.com/errata/RHSA-2026:1843
reference_id	RHSA-2026:1843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1843

reference_url	https://access.redhat.com/errata/RHSA-2026:2420
reference_id	RHSA-2026:2420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2420

reference_url	https://access.redhat.com/errata/RHSA-2026:2421
reference_id	RHSA-2026:2421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2421

reference_url	https://access.redhat.com/errata/RHSA-2026:2422
reference_id	RHSA-2026:2422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2422

reference_url	https://access.redhat.com/errata/RHSA-2026:2767
reference_id	RHSA-2026:2767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2767

reference_url	https://access.redhat.com/errata/RHSA-2026:2768
reference_id	RHSA-2026:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2768

reference_url	https://access.redhat.com/errata/RHSA-2026:2781
reference_id	RHSA-2026:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2781

reference_url	https://access.redhat.com/errata/RHSA-2026:2782
reference_id	RHSA-2026:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2782

reference_url	https://access.redhat.com/errata/RHSA-2026:2783
reference_id	RHSA-2026:2783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2783

reference_url	https://access.redhat.com/errata/RHSA-2026:2864
reference_id	RHSA-2026:2864
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2864

reference_url	https://access.redhat.com/errata/RHSA-2026:2899
reference_id	RHSA-2026:2899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2899

reference_url	https://access.redhat.com/errata/RHSA-2026:6402
reference_id	RHSA-2026:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6402

reference_url	https://access.redhat.com/errata/RHSA-2026:6431
reference_id	RHSA-2026:6431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6431

reference_url	https://access.redhat.com/errata/RHSA-2026:7386
reference_id	RHSA-2026:7386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7386

reference_url	https://access.redhat.com/errata/RHSA-2026:7387
reference_id	RHSA-2026:7387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7387

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2025-59466

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8bq-8jp4-jkem

url VCID-v7uy-445x-tuan

vulnerability_id VCID-v7uy-445x-tuan

summary nodejs: Nodejs denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59465.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59465.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59465

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.2297
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2265
published_at	2026-04-29T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22825
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22661
published_at	2026-04-24T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22654
published_at	2026-04-26T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.23014
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22805
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22879
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22931
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2295
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22913
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22856
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22871
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22865
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59465

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431349
reference_id	2431349
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431349

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:10:32Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:1842
reference_id	RHSA-2026:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1842

reference_url	https://access.redhat.com/errata/RHSA-2026:1843
reference_id	RHSA-2026:1843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1843

reference_url	https://access.redhat.com/errata/RHSA-2026:2420
reference_id	RHSA-2026:2420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2420

reference_url	https://access.redhat.com/errata/RHSA-2026:2421
reference_id	RHSA-2026:2421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2421

reference_url	https://access.redhat.com/errata/RHSA-2026:2422
reference_id	RHSA-2026:2422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2422

reference_url	https://access.redhat.com/errata/RHSA-2026:2767
reference_id	RHSA-2026:2767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2767

reference_url	https://access.redhat.com/errata/RHSA-2026:2768
reference_id	RHSA-2026:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2768

reference_url	https://access.redhat.com/errata/RHSA-2026:2781
reference_id	RHSA-2026:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2781

reference_url	https://access.redhat.com/errata/RHSA-2026:2782
reference_id	RHSA-2026:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2782

reference_url	https://access.redhat.com/errata/RHSA-2026:2783
reference_id	RHSA-2026:2783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2783

reference_url	https://access.redhat.com/errata/RHSA-2026:2864
reference_id	RHSA-2026:2864
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2864

reference_url	https://access.redhat.com/errata/RHSA-2026:2899
reference_id	RHSA-2026:2899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2899

reference_url	https://access.redhat.com/errata/RHSA-2026:6402
reference_id	RHSA-2026:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6402

reference_url	https://access.redhat.com/errata/RHSA-2026:6431
reference_id	RHSA-2026:6431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6431

reference_url	https://access.redhat.com/errata/RHSA-2026:7386
reference_id	RHSA-2026:7386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7386

reference_url	https://access.redhat.com/errata/RHSA-2026:7387
reference_id	RHSA-2026:7387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7387

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2025-59465

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7uy-445x-tuan

url VCID-wf5t-3pwz-c7d7

vulnerability_id VCID-wf5t-3pwz-c7d7

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23085

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37039
published_at	2026-04-29T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37404
published_at	2026-04-13T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37451
published_at	2026-04-16T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37433
published_at	2026-04-18T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37377
published_at	2026-04-21T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37158
published_at	2026-04-24T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37127
published_at	2026-04-26T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3744
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37452
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37466
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37431
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38175
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38197
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38068
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134
reference_id	1094134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342618
reference_id	2342618
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342618

reference_url	https://security.gentoo.org/glsa/202506-08
reference_id	GLSA-202506-08
reference_type
scores
url	https://security.gentoo.org/glsa/202506-08

reference_url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_id

january-2025-security-releases

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:50:24Z/

url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:1351
reference_id	RHSA-2025:1351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1351

reference_url	https://access.redhat.com/errata/RHSA-2025:1443
reference_id	RHSA-2025:1443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1443

reference_url	https://access.redhat.com/errata/RHSA-2025:1446
reference_id	RHSA-2025:1446
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1446

reference_url	https://access.redhat.com/errata/RHSA-2025:1582
reference_id	RHSA-2025:1582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1582

reference_url	https://access.redhat.com/errata/RHSA-2025:1611
reference_id	RHSA-2025:1611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1611

reference_url	https://access.redhat.com/errata/RHSA-2025:1613
reference_id	RHSA-2025:1613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1613

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2025-23085

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wf5t-3pwz-c7d7

url VCID-x1an-pjq4-nbby

vulnerability_id VCID-x1an-pjq4-nbby

summary nodejs: Nodejs file permissions bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55130.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55130

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.02953
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03065
published_at	2026-04-29T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03034
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03031
published_at	2026-04-24T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03021
published_at	2026-04-26T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02968
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02976
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02977
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03002
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02964
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02941
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02932
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02906
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02916
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431352
reference_id	2431352
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431352

reference_url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_id

december-2025-security-releases

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:29Z/

url

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2026:1842
reference_id	RHSA-2026:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1842

reference_url	https://access.redhat.com/errata/RHSA-2026:1843
reference_id	RHSA-2026:1843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1843

reference_url	https://access.redhat.com/errata/RHSA-2026:2420
reference_id	RHSA-2026:2420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2420

reference_url	https://access.redhat.com/errata/RHSA-2026:2421
reference_id	RHSA-2026:2421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2421

reference_url	https://access.redhat.com/errata/RHSA-2026:2422
reference_id	RHSA-2026:2422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2422

reference_url	https://access.redhat.com/errata/RHSA-2026:2767
reference_id	RHSA-2026:2767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2767

reference_url	https://access.redhat.com/errata/RHSA-2026:2768
reference_id	RHSA-2026:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2768

reference_url	https://access.redhat.com/errata/RHSA-2026:2781
reference_id	RHSA-2026:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2781

reference_url	https://access.redhat.com/errata/RHSA-2026:2782
reference_id	RHSA-2026:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2782

reference_url	https://access.redhat.com/errata/RHSA-2026:2783
reference_id	RHSA-2026:2783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2783

reference_url	https://access.redhat.com/errata/RHSA-2026:2864
reference_id	RHSA-2026:2864
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2864

reference_url	https://access.redhat.com/errata/RHSA-2026:2899
reference_id	RHSA-2026:2899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2899

reference_url	https://access.redhat.com/errata/RHSA-2026:6402
reference_id	RHSA-2026:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6402

reference_url	https://access.redhat.com/errata/RHSA-2026:6431
reference_id	RHSA-2026:6431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6431

reference_url	https://access.redhat.com/errata/RHSA-2026:7378
reference_id	RHSA-2026:7378
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7378

reference_url	https://access.redhat.com/errata/RHSA-2026:7386
reference_id	RHSA-2026:7386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7386

reference_url	https://access.redhat.com/errata/RHSA-2026:7387
reference_id	RHSA-2026:7387
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7387

reference_url	https://access.redhat.com/errata/RHSA-2026:7657
reference_id	RHSA-2026:7657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7657

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2025-55130

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1an-pjq4-nbby

url VCID-xkpz-pb5y-jqcy

vulnerability_id VCID-xkpz-pb5y-jqcy

summary nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23166.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23166.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23166

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53656
published_at	2026-04-29T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53693
published_at	2026-04-13T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53731
published_at	2026-04-16T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53735
published_at	2026-04-18T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53717
published_at	2026-04-21T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53679
published_at	2026-04-24T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53691
published_at	2026-04-26T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53633
published_at	2026-04-02T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53661
published_at	2026-04-04T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53629
published_at	2026-04-07T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.5368
published_at	2026-04-08T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53678
published_at	2026-04-09T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53727
published_at	2026-04-11T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53711
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23166

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832
reference_id	1105832
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2367163
reference_id	2367163
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2367163

reference_url	https://security.archlinux.org/ASA-202505-6
reference_id	ASA-202505-6
reference_type
scores
url	https://security.archlinux.org/ASA-202505-6

reference_url	https://security.archlinux.org/ASA-202505-7
reference_id	ASA-202505-7
reference_type
scores
url	https://security.archlinux.org/ASA-202505-7

reference_url	https://security.archlinux.org/ASA-202505-8
reference_id	ASA-202505-8
reference_type
scores
url	https://security.archlinux.org/ASA-202505-8

reference_url

https://security.archlinux.org/AVG-2871

reference_id

AVG-2871

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2871

reference_url

https://security.archlinux.org/AVG-2872

reference_id

AVG-2872

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2872

reference_url

https://security.archlinux.org/AVG-2873

reference_id

AVG-2873

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2873

reference_url

https://nodejs.org/en/blog/vulnerability/may-2025-security-releases

reference_id

may-2025-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T14:11:17Z/

url

https://nodejs.org/en/blog/vulnerability/may-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:8467
reference_id	RHSA-2025:8467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8467

reference_url	https://access.redhat.com/errata/RHSA-2025:8468
reference_id	RHSA-2025:8468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8468

reference_url	https://access.redhat.com/errata/RHSA-2025:8493
reference_id	RHSA-2025:8493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8493

reference_url	https://access.redhat.com/errata/RHSA-2025:8506
reference_id	RHSA-2025:8506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8506

reference_url	https://access.redhat.com/errata/RHSA-2025:8514
reference_id	RHSA-2025:8514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8514

reference_url	https://access.redhat.com/errata/RHSA-2025:8902
reference_id	RHSA-2025:8902
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8902

fixed_packages

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2025-23166

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkpz-pb5y-jqcy

Fixing_vulnerabilities

url VCID-2z1f-7jkw-17av

vulnerability_id VCID-2z1f-7jkw-17av

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27982

reference_id

reference_type

scores

value	0.00391
scoring_system	epss
scoring_elements	0.60121
published_at	2026-04-29T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60154
published_at	2026-04-16T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60161
published_at	2026-04-18T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60147
published_at	2026-04-21T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60117
published_at	2026-04-24T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60133
published_at	2026-04-26T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60068
published_at	2026-04-02T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60093
published_at	2026-04-04T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60063
published_at	2026-04-07T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60113
published_at	2026-04-08T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60127
published_at	2026-04-09T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60149
published_at	2026-04-11T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60134
published_at	2026-04-12T12:55:00Z

value	0.00391
scoring_system	epss
scoring_elements	0.60116
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27982

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347
reference_id	1068347
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347

reference_url

https://hackerone.com/reports/2237099

reference_id

2237099

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-07T18:19:19Z/

url

https://hackerone.com/reports/2237099

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2275392
reference_id	2275392
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2275392

reference_url

https://security.archlinux.org/AVG-2852

reference_id

AVG-2852

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2852

reference_url

https://security.archlinux.org/AVG-2853

reference_id

AVG-2853

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2853

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url	https://access.redhat.com/errata/RHSA-2024:2778
reference_id	RHSA-2024:2778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2778

reference_url	https://access.redhat.com/errata/RHSA-2024:2779
reference_id	RHSA-2024:2779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2779

reference_url	https://access.redhat.com/errata/RHSA-2024:2780
reference_id	RHSA-2024:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2780

reference_url	https://access.redhat.com/errata/RHSA-2024:2853
reference_id	RHSA-2024:2853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2853

reference_url	https://access.redhat.com/errata/RHSA-2024:2910
reference_id	RHSA-2024:2910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2910

reference_url	https://access.redhat.com/errata/RHSA-2024:3545
reference_id	RHSA-2024:3545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3545

reference_url	https://access.redhat.com/errata/RHSA-2024:4559
reference_id	RHSA-2024:4559
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4559

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2024-27982

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2z1f-7jkw-17av

url VCID-38k9-23j3-eqh7

vulnerability_id VCID-38k9-23j3-eqh7

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30581.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30581.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30581

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04633
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04877
published_at	2026-04-29T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04791
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04825
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04864
published_at	2026-04-26T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04657
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0467
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04704
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04716
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04709
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04693
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04676
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04643
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04651
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990
reference_id	1039990
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219824
reference_id	2219824
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219824

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

reference_id

june-2023-security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-05T14:18:07Z/

url

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2023:4330
reference_id	RHSA-2023:4330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4330

reference_url	https://access.redhat.com/errata/RHSA-2023:4331
reference_id	RHSA-2023:4331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4331

reference_url	https://access.redhat.com/errata/RHSA-2023:4536
reference_id	RHSA-2023:4536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4536

reference_url	https://access.redhat.com/errata/RHSA-2023:4537
reference_id	RHSA-2023:4537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4537

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2023-30581

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38k9-23j3-eqh7

url VCID-9yq7-aba3-c7c3

vulnerability_id VCID-9yq7-aba3-c7c3

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32559

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.18728
published_at	2026-04-29T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18926
published_at	2026-04-13T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.1888
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18892
published_at	2026-04-18T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18904
published_at	2026-04-21T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18793
published_at	2026-04-24T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18772
published_at	2026-04-26T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19169
published_at	2026-04-04T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18885
published_at	2026-04-07T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18963
published_at	2026-04-08T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19017
published_at	2026-04-09T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19024
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.18977
published_at	2026-04-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22427
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32559

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739
reference_id	1050739
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739

reference_url

https://hackerone.com/reports/1946470

reference_id

1946470

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/

url

https://hackerone.com/reports/1946470

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2230956
reference_id	2230956
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2230956

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://security.netapp.com/advisory/ntap-20231006-0006/

reference_id

ntap-20231006-0006

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/

url

https://security.netapp.com/advisory/ntap-20231006-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:5360
reference_id	RHSA-2023:5360
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5360

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5362
reference_id	RHSA-2023:5362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5362

reference_url	https://access.redhat.com/errata/RHSA-2023:5363
reference_id	RHSA-2023:5363
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5363

reference_url	https://access.redhat.com/errata/RHSA-2023:5532
reference_id	RHSA-2023:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5532

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6822-1/
reference_id	USN-6822-1
reference_type
scores
url	https://usn.ubuntu.com/6822-1/

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2023-32559

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9yq7-aba3-c7c3

url VCID-bx67-aud6-b3fa

vulnerability_id VCID-bx67-aud6-b3fa

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22025

reference_id

reference_type

scores

value	0.0043
scoring_system	epss
scoring_elements	0.62483
published_at	2026-04-02T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62515
published_at	2026-04-04T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70504
published_at	2026-04-29T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70415
published_at	2026-04-13T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70457
published_at	2026-04-16T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70465
published_at	2026-04-18T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70445
published_at	2026-04-21T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70496
published_at	2026-04-24T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70505
published_at	2026-04-26T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70359
published_at	2026-04-07T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70404
published_at	2026-04-08T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.7042
published_at	2026-04-09T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70444
published_at	2026-04-11T12:55:00Z

value	0.00636
scoring_system	epss
scoring_elements	0.70429
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22025

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270559
reference_id	2270559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270559

reference_url

https://hackerone.com/reports/2284065

reference_id

2284065

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/

url

https://hackerone.com/reports/2284065

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html

reference_id

msg00029.html

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html

reference_url

https://security.netapp.com/advisory/ntap-20240517-0008/

reference_id

ntap-20240517-0008

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/

url

https://security.netapp.com/advisory/ntap-20240517-0008/

reference_url	https://access.redhat.com/errata/RHSA-2024:2778
reference_id	RHSA-2024:2778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2778

reference_url	https://access.redhat.com/errata/RHSA-2024:2779
reference_id	RHSA-2024:2779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2779

reference_url	https://access.redhat.com/errata/RHSA-2024:2780
reference_id	RHSA-2024:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2780

reference_url	https://access.redhat.com/errata/RHSA-2024:2853
reference_id	RHSA-2024:2853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2853

reference_url	https://access.redhat.com/errata/RHSA-2024:2910
reference_id	RHSA-2024:2910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2910

reference_url	https://access.redhat.com/errata/RHSA-2024:4559
reference_id	RHSA-2024:4559
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4559

reference_url	https://access.redhat.com/errata/RHSA-2024:4721
reference_id	RHSA-2024:4721
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4721

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2024-22025

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bx67-aud6-b3fa

url VCID-c8xz-v6h3-6ueb

vulnerability_id VCID-c8xz-v6h3-6ueb

summary nodejs: libuv: Out-of-Bounds Access Due to Inconsistent off_t Size in libuv and Node.js Build on i386

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47153

reference_id

reference_type

scores

value	0.00692
scoring_system	epss
scoring_elements	0.71787
published_at	2026-04-02T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71897
published_at	2026-04-29T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71829
published_at	2026-04-09T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71854
published_at	2026-04-11T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71837
published_at	2026-04-12T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71819
published_at	2026-04-13T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71861
published_at	2026-04-16T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71866
published_at	2026-04-18T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71849
published_at	2026-04-21T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71894
published_at	2026-04-24T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71899
published_at	2026-04-26T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71805
published_at	2026-04-04T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71779
published_at	2026-04-07T12:55:00Z

value	0.00692
scoring_system	epss
scoring_elements	0.71818
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2363236
reference_id	2363236
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2363236

reference_url

https://github.com/nodejs/node-v0.x-archive/issues/4549

reference_id

4549

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/

url

https://github.com/nodejs/node-v0.x-archive/issues/4549

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350

reference_id

bugreport.cgi?bug=1076350

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075

reference_id

bugreport.cgi?bug=922075

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=892601

reference_id

show_bug.cgi?id=892601

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=892601

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2025-47153

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8xz-v6h3-6ueb

url VCID-e6gj-fe31-kkh5

vulnerability_id VCID-e6gj-fe31-kkh5

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46809

reference_id

reference_type

scores

value	0.01239
scoring_system	epss
scoring_elements	0.79194
published_at	2026-04-02T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79316
published_at	2026-04-29T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79257
published_at	2026-04-21T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79292
published_at	2026-04-24T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79298
published_at	2026-04-26T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79218
published_at	2026-04-04T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79203
published_at	2026-04-07T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79228
published_at	2026-04-08T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79236
published_at	2026-04-09T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.7926
published_at	2026-04-11T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79244
published_at	2026-04-12T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79232
published_at	2026-04-13T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79259
published_at	2026-04-16T12:55:00Z

value	0.01239
scoring_system	epss
scoring_elements	0.79256
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055
reference_id	1064055
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2264569
reference_id	2264569
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2264569

reference_url

https://nodejs.org/en/blog/vulnerability/february-2024-security-releases

reference_id

february-2024-security-releases

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T17:40:41Z/

url

https://nodejs.org/en/blog/vulnerability/february-2024-security-releases

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url	https://access.redhat.com/errata/RHSA-2024:1503
reference_id	RHSA-2024:1503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1503

reference_url	https://access.redhat.com/errata/RHSA-2024:1510
reference_id	RHSA-2024:1510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1510

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

reference_url	https://access.redhat.com/errata/RHSA-2024:1880
reference_id	RHSA-2024:1880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1880

reference_url	https://access.redhat.com/errata/RHSA-2024:1932
reference_id	RHSA-2024:1932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1932

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2023-46809

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6gj-fe31-kkh5

url VCID-e7u5-356v-jbg7

vulnerability_id VCID-e7u5-356v-jbg7

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30590

reference_id

reference_type

scores

value	0.00954
scoring_system	epss
scoring_elements	0.76361
published_at	2026-04-02T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76391
published_at	2026-04-04T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76373
published_at	2026-04-07T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76405
published_at	2026-04-08T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.7642
published_at	2026-04-09T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76445
published_at	2026-04-11T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76423
published_at	2026-04-12T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76418
published_at	2026-04-13T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76459
published_at	2026-04-16T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76463
published_at	2026-04-18T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76449
published_at	2026-04-21T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76483
published_at	2026-04-24T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76489
published_at	2026-04-26T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76502
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30590

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990
reference_id	1039990
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219842
reference_id	2219842
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219842

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2023:4330
reference_id	RHSA-2023:4330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4330

reference_url	https://access.redhat.com/errata/RHSA-2023:4331
reference_id	RHSA-2023:4331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4331

reference_url	https://access.redhat.com/errata/RHSA-2023:4536
reference_id	RHSA-2023:4536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4536

reference_url	https://access.redhat.com/errata/RHSA-2023:4537
reference_id	RHSA-2023:4537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4537

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6735-1/
reference_id	USN-6735-1
reference_type
scores
url	https://usn.ubuntu.com/6735-1/

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2023-30590

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7u5-356v-jbg7

url VCID-kj75-vmwa-gqgq

vulnerability_id VCID-kj75-vmwa-gqgq

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32006.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32006.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32006

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22435
published_at	2026-04-02T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22114
published_at	2026-04-29T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22405
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22426
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22385
published_at	2026-04-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22328
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22343
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22337
published_at	2026-04-18T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22287
published_at	2026-04-21T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22137
published_at	2026-04-24T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22125
published_at	2026-04-26T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22479
published_at	2026-04-04T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22267
published_at	2026-04-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.2235
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32006

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739
reference_id	1050739
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739

reference_url

https://hackerone.com/reports/2043807

reference_id

2043807

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:20:48Z/

url

https://hackerone.com/reports/2043807

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2230955
reference_id	2230955
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2230955

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/

reference_id

JQPELKG2LVTADSB7ME73AV4DXQK47PWK

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:20:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/

reference_url

https://security.netapp.com/advisory/ntap-20230915-0009/

reference_id

ntap-20230915-0009

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:20:48Z/

url

https://security.netapp.com/advisory/ntap-20230915-0009/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/

reference_id

PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T20:20:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/

reference_url	https://access.redhat.com/errata/RHSA-2023:5360
reference_id	RHSA-2023:5360
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5360

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5362
reference_id	RHSA-2023:5362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5362

reference_url	https://access.redhat.com/errata/RHSA-2023:5363
reference_id	RHSA-2023:5363
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5363

reference_url	https://access.redhat.com/errata/RHSA-2023:5532
reference_id	RHSA-2023:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5532

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6822-1/
reference_id	USN-6822-1
reference_type
scores
url	https://usn.ubuntu.com/6822-1/

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2023-32006

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kj75-vmwa-gqgq

url VCID-nenk-4cgd-fugv

vulnerability_id VCID-nenk-4cgd-fugv

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27983

reference_id

reference_type

scores

value	0.75933
scoring_system	epss
scoring_elements	0.98927
published_at	2026-04-29T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98907
published_at	2026-04-02T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98909
published_at	2026-04-04T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98911
published_at	2026-04-07T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98912
published_at	2026-04-09T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98914
published_at	2026-04-12T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98915
published_at	2026-04-13T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98917
published_at	2026-04-16T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98919
published_at	2026-04-18T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98922
published_at	2026-04-21T12:55:00Z

value	0.75933
scoring_system	epss
scoring_elements	0.98926
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27983

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347
reference_id	1068347
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2272764
reference_id	2272764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2272764

reference_url

https://hackerone.com/reports/2319584

reference_id

2319584

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/

url

https://hackerone.com/reports/2319584

reference_url

https://security.archlinux.org/AVG-2852

reference_id

AVG-2852

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2852

reference_url

https://security.archlinux.org/AVG-2853

reference_id

AVG-2853

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2853

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/

reference_id

JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/

reference_url

https://security.netapp.com/advisory/ntap-20240510-0002/

reference_id

ntap-20240510-0002

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/

url

https://security.netapp.com/advisory/ntap-20240510-0002/

reference_url	https://access.redhat.com/errata/RHSA-2024:2778
reference_id	RHSA-2024:2778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2778

reference_url	https://access.redhat.com/errata/RHSA-2024:2779
reference_id	RHSA-2024:2779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2779

reference_url	https://access.redhat.com/errata/RHSA-2024:2780
reference_id	RHSA-2024:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2780

reference_url	https://access.redhat.com/errata/RHSA-2024:2853
reference_id	RHSA-2024:2853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2853

reference_url	https://access.redhat.com/errata/RHSA-2024:2910
reference_id	RHSA-2024:2910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2910

reference_url	https://access.redhat.com/errata/RHSA-2024:2937
reference_id	RHSA-2024:2937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2937

reference_url	https://access.redhat.com/errata/RHSA-2024:3472
reference_id	RHSA-2024:3472
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3472

reference_url	https://access.redhat.com/errata/RHSA-2024:3544
reference_id	RHSA-2024:3544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3544

reference_url	https://access.redhat.com/errata/RHSA-2024:3545
reference_id	RHSA-2024:3545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3545

reference_url	https://access.redhat.com/errata/RHSA-2024:3553
reference_id	RHSA-2024:3553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3553

reference_url	https://access.redhat.com/errata/RHSA-2024:4353
reference_id	RHSA-2024:4353
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4353

reference_url	https://access.redhat.com/errata/RHSA-2024:4824
reference_id	RHSA-2024:4824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4824

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/

reference_id

YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2024-27983

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nenk-4cgd-fugv

url VCID-sag8-repb-g3f4

vulnerability_id VCID-sag8-repb-g3f4

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32002.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32002.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-32002

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12197
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12177
published_at	2026-04-09T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12044
published_at	2026-04-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12126
published_at	2026-04-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12184
published_at	2026-04-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12148
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12116
published_at	2026-04-13T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11987
published_at	2026-04-16T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11984
published_at	2026-04-18T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12102
published_at	2026-04-21T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12243
published_at	2026-04-04T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17288
published_at	2026-04-24T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17204
published_at	2026-04-29T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17265
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-32002

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739
reference_id	1050739
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739

reference_url

https://hackerone.com/reports/1960870

reference_id

1960870

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-02T14:47:51Z/

url

https://hackerone.com/reports/1960870

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2230948
reference_id	2230948
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2230948

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://security.netapp.com/advisory/ntap-20230915-0009/

reference_id

ntap-20230915-0009

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-02T14:47:51Z/

url

https://security.netapp.com/advisory/ntap-20230915-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:5360
reference_id	RHSA-2023:5360
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5360

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5362
reference_id	RHSA-2023:5362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5362

reference_url	https://access.redhat.com/errata/RHSA-2023:5363
reference_id	RHSA-2023:5363
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5363

reference_url	https://access.redhat.com/errata/RHSA-2023:5532
reference_id	RHSA-2023:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5532

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6822-1/
reference_id	USN-6822-1
reference_type
scores
url	https://usn.ubuntu.com/6822-1/

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2023-32002

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sag8-repb-g3f4

url VCID-vkvx-gxbu-3uau

vulnerability_id VCID-vkvx-gxbu-3uau

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22019

reference_id

reference_type

scores

value	0.0038
scoring_system	epss
scoring_elements	0.59492
published_at	2026-04-29T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59525
published_at	2026-04-11T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59509
published_at	2026-04-12T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.5949
published_at	2026-04-13T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59524
published_at	2026-04-16T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59529
published_at	2026-04-18T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59513
published_at	2026-04-21T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59485
published_at	2026-04-24T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.5945
published_at	2026-04-02T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59475
published_at	2026-04-04T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59442
published_at	2026-04-07T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59493
published_at	2026-04-08T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59506
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22019

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055
reference_id	1064055
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055

reference_url

https://hackerone.com/reports/2233486

reference_id

2233486

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/

url

https://hackerone.com/reports/2233486

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2264574
reference_id	2264574
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2264574

reference_url	https://security.gentoo.org/glsa/202505-11
reference_id	GLSA-202505-11
reference_type
scores
url	https://security.gentoo.org/glsa/202505-11

reference_url

https://security.netapp.com/advisory/ntap-20240315-0004/

reference_id

ntap-20240315-0004

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/

url

https://security.netapp.com/advisory/ntap-20240315-0004/

reference_url	https://access.redhat.com/errata/RHSA-2024:1354
reference_id	RHSA-2024:1354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1354

reference_url	https://access.redhat.com/errata/RHSA-2024:1424
reference_id	RHSA-2024:1424
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1424

reference_url	https://access.redhat.com/errata/RHSA-2024:1438
reference_id	RHSA-2024:1438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1438

reference_url	https://access.redhat.com/errata/RHSA-2024:1444
reference_id	RHSA-2024:1444
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1444

reference_url	https://access.redhat.com/errata/RHSA-2024:1503
reference_id	RHSA-2024:1503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1503

reference_url	https://access.redhat.com/errata/RHSA-2024:1510
reference_id	RHSA-2024:1510
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1510

reference_url	https://access.redhat.com/errata/RHSA-2024:1678
reference_id	RHSA-2024:1678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1678

reference_url	https://access.redhat.com/errata/RHSA-2024:1687
reference_id	RHSA-2024:1687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1687

reference_url	https://access.redhat.com/errata/RHSA-2024:1688
reference_id	RHSA-2024:1688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1688

reference_url	https://access.redhat.com/errata/RHSA-2024:1880
reference_id	RHSA-2024:1880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1880

reference_url	https://access.redhat.com/errata/RHSA-2024:1932
reference_id	RHSA-2024:1932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1932

reference_url	https://access.redhat.com/errata/RHSA-2024:2651
reference_id	RHSA-2024:2651
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2651

reference_url	https://access.redhat.com/errata/RHSA-2024:2793
reference_id	RHSA-2024:2793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2793

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2024-22019

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkvx-gxbu-3uau

url VCID-wf5t-3pwz-c7d7

vulnerability_id VCID-wf5t-3pwz-c7d7

summary Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23085

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37039
published_at	2026-04-29T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37404
published_at	2026-04-13T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37451
published_at	2026-04-16T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37433
published_at	2026-04-18T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37377
published_at	2026-04-21T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37158
published_at	2026-04-24T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37127
published_at	2026-04-26T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.3744
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37452
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37466
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37431
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38175
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38197
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38068
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134
reference_id	1094134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342618
reference_id	2342618
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342618

reference_url	https://security.gentoo.org/glsa/202506-08
reference_id	GLSA-202506-08
reference_type
scores
url	https://security.gentoo.org/glsa/202506-08

reference_url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_id

january-2025-security-releases

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:50:24Z/

url

https://nodejs.org/en/blog/vulnerability/january-2025-security-releases

reference_url	https://access.redhat.com/errata/RHSA-2025:1351
reference_id	RHSA-2025:1351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1351

reference_url	https://access.redhat.com/errata/RHSA-2025:1443
reference_id	RHSA-2025:1443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1443

reference_url	https://access.redhat.com/errata/RHSA-2025:1446
reference_id	RHSA-2025:1446
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1446

reference_url	https://access.redhat.com/errata/RHSA-2025:1582
reference_id	RHSA-2025:1582
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1582

reference_url	https://access.redhat.com/errata/RHSA-2025:1611
reference_id	RHSA-2025:1611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1611

reference_url	https://access.redhat.com/errata/RHSA-2025:1613
reference_id	RHSA-2025:1613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1613

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

url	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
purl	pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1

aliases CVE-2025-23085

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wf5t-3pwz-c7d7

url VCID-zstw-3wmu-u3c8

vulnerability_id VCID-zstw-3wmu-u3c8

summary

llhttp vulnerable to HTTP request smuggling
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30589

reference_id

reference_type

scores

value	0.01916
scoring_system	epss
scoring_elements	0.83384
published_at	2026-04-29T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83382
published_at	2026-04-26T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83349
published_at	2026-04-18T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83348
published_at	2026-04-16T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83313
published_at	2026-04-13T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83317
published_at	2026-04-12T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83323
published_at	2026-04-11T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83308
published_at	2026-04-09T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83299
published_at	2026-04-08T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83275
published_at	2026-04-07T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83276
published_at	2026-04-04T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83261
published_at	2026-04-02T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83375
published_at	2026-04-24T12:55:00Z

value	0.01916
scoring_system	epss
scoring_elements	0.83351
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30589

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nodejs/llhttp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/llhttp

reference_url

https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1

reference_url

https://hackerone.com/reports/2001873

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/2001873

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76

reference_url

https://security.netapp.com/advisory/ntap-20230803-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230803-0009

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990
reference_id	1039990
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2219841
reference_id	2219841
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2219841

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-30589

reference_id

CVE-2023-30589

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-30589

reference_url

https://github.com/advisories/GHSA-cggh-pq45-6h9x

reference_id

GHSA-cggh-pq45-6h9x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cggh-pq45-6h9x

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2023:4330
reference_id	RHSA-2023:4330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4330

reference_url	https://access.redhat.com/errata/RHSA-2023:4331
reference_id	RHSA-2023:4331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4331

reference_url	https://access.redhat.com/errata/RHSA-2023:4536
reference_id	RHSA-2023:4536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4536

reference_url	https://access.redhat.com/errata/RHSA-2023:4537
reference_id	RHSA-2023:4537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4537

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5533
reference_id	RHSA-2023:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5533

reference_url	https://usn.ubuntu.com/6735-1/
reference_id	USN-6735-1
reference_type
scores
url	https://usn.ubuntu.com/6735-1/

fixed_packages

url pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

purl pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp3-fzdr-yqbm

vulnerability	VCID-2t7c-dju9-pff6

vulnerability	VCID-43sf-4r41-wugc

vulnerability	VCID-96yh-1wub-zucg

vulnerability	VCID-98fy-tedc-ube7

vulnerability	VCID-bjza-25hu-vkad

vulnerability	VCID-dgkh-jdah-wfh9

vulnerability	VCID-dt7u-3usg-9uet

vulnerability	VCID-twc8-ewm7-wkb1

vulnerability	VCID-u8bq-8jp4-jkem

vulnerability	VCID-v7uy-445x-tuan

vulnerability	VCID-wf5t-3pwz-c7d7

vulnerability	VCID-x1an-pjq4-nbby

vulnerability	VCID-xkpz-pb5y-jqcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

aliases CVE-2023-30589, GHSA-cggh-pq45-6h9x

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zstw-3wmu-u3c8

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1

Package Instance