Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ufea-fewt-87es
Summarysemantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `encodeURI`. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. Users are advised to upgrade. Users unable to upgrade should ensure that secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL are already masked properly.
Aliases
0
alias CVE-2022-31051
1
alias GHSA-x2pg-mjhr-2m5x
Fixed_packages
0
url pkg:npm/semantic-release@19.0.3
purl pkg:npm/semantic-release@19.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.3
Affected_packages
0
url pkg:npm/semantic-release@17.0.4
purl pkg:npm/semantic-release@17.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.4
1
url pkg:npm/semantic-release@17.0.5
purl pkg:npm/semantic-release@17.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.5
2
url pkg:npm/semantic-release@17.0.6
purl pkg:npm/semantic-release@17.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.6
3
url pkg:npm/semantic-release@17.0.7
purl pkg:npm/semantic-release@17.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.7
4
url pkg:npm/semantic-release@17.0.8
purl pkg:npm/semantic-release@17.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.0.8
5
url pkg:npm/semantic-release@17.1.0
purl pkg:npm/semantic-release@17.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.1.0
6
url pkg:npm/semantic-release@17.1.1
purl pkg:npm/semantic-release@17.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.1.1
7
url pkg:npm/semantic-release@17.1.2
purl pkg:npm/semantic-release@17.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.1.2
8
url pkg:npm/semantic-release@17.2.0
purl pkg:npm/semantic-release@17.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.0
9
url pkg:npm/semantic-release@17.2.1
purl pkg:npm/semantic-release@17.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.1
10
url pkg:npm/semantic-release@17.2.2
purl pkg:npm/semantic-release@17.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmvx-7jy8-7ucf
1
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.2
11
url pkg:npm/semantic-release@17.2.3
purl pkg:npm/semantic-release@17.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.3
12
url pkg:npm/semantic-release@17.2.4
purl pkg:npm/semantic-release@17.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.2.4
13
url pkg:npm/semantic-release@17.3.0
purl pkg:npm/semantic-release@17.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.0
14
url pkg:npm/semantic-release@17.3.1
purl pkg:npm/semantic-release@17.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.1
15
url pkg:npm/semantic-release@17.3.2
purl pkg:npm/semantic-release@17.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.2
16
url pkg:npm/semantic-release@17.3.3
purl pkg:npm/semantic-release@17.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.3
17
url pkg:npm/semantic-release@17.3.4
purl pkg:npm/semantic-release@17.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.4
18
url pkg:npm/semantic-release@17.3.5
purl pkg:npm/semantic-release@17.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.5
19
url pkg:npm/semantic-release@17.3.6
purl pkg:npm/semantic-release@17.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.6
20
url pkg:npm/semantic-release@17.3.7
purl pkg:npm/semantic-release@17.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.7
21
url pkg:npm/semantic-release@17.3.8
purl pkg:npm/semantic-release@17.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.8
22
url pkg:npm/semantic-release@17.3.9
purl pkg:npm/semantic-release@17.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.3.9
23
url pkg:npm/semantic-release@17.4.0
purl pkg:npm/semantic-release@17.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.0
24
url pkg:npm/semantic-release@17.4.1
purl pkg:npm/semantic-release@17.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.1
25
url pkg:npm/semantic-release@17.4.2
purl pkg:npm/semantic-release@17.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.2
26
url pkg:npm/semantic-release@17.4.3
purl pkg:npm/semantic-release@17.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.3
27
url pkg:npm/semantic-release@17.4.4
purl pkg:npm/semantic-release@17.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.4
28
url pkg:npm/semantic-release@17.4.5
purl pkg:npm/semantic-release@17.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.5
29
url pkg:npm/semantic-release@17.4.6
purl pkg:npm/semantic-release@17.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.6
30
url pkg:npm/semantic-release@17.4.7
purl pkg:npm/semantic-release@17.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@17.4.7
31
url pkg:npm/semantic-release@18.0.0-beta.1
purl pkg:npm/semantic-release@18.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.1
32
url pkg:npm/semantic-release@18.0.0-beta.2
purl pkg:npm/semantic-release@18.0.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.2
33
url pkg:npm/semantic-release@18.0.0-beta.3
purl pkg:npm/semantic-release@18.0.0-beta.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.3
34
url pkg:npm/semantic-release@18.0.0-beta.4
purl pkg:npm/semantic-release@18.0.0-beta.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.4
35
url pkg:npm/semantic-release@18.0.0-beta.5
purl pkg:npm/semantic-release@18.0.0-beta.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.5
36
url pkg:npm/semantic-release@18.0.0-beta.6
purl pkg:npm/semantic-release@18.0.0-beta.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.6
37
url pkg:npm/semantic-release@18.0.0-beta.7
purl pkg:npm/semantic-release@18.0.0-beta.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.7
38
url pkg:npm/semantic-release@18.0.0-beta.8
purl pkg:npm/semantic-release@18.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0-beta.8
39
url pkg:npm/semantic-release@18.0.0
purl pkg:npm/semantic-release@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.0
40
url pkg:npm/semantic-release@18.0.1
purl pkg:npm/semantic-release@18.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@18.0.1
41
url pkg:npm/semantic-release@19.0.0-beta.1
purl pkg:npm/semantic-release@19.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.0-beta.1
42
url pkg:npm/semantic-release@19.0.0-beta.2
purl pkg:npm/semantic-release@19.0.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.0-beta.2
43
url pkg:npm/semantic-release@19.0.0
purl pkg:npm/semantic-release@19.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.0
44
url pkg:npm/semantic-release@19.0.1
purl pkg:npm/semantic-release@19.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.1
45
url pkg:npm/semantic-release@19.0.2
purl pkg:npm/semantic-release@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semantic-release@19.0.2
46
url pkg:rpm/redhat/ovirt-web-ui@1.9.0-1?arch=el8ev
purl pkg:rpm/redhat/ovirt-web-ui@1.9.0-1?arch=el8ev
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fbbe-6f4s-7kd7
1
vulnerability VCID-qc13-gyew-buf1
2
vulnerability VCID-ufea-fewt-87es
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ovirt-web-ui@1.9.0-1%3Farch=el8ev
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31051.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31051.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31051
reference_id
reference_type
scores
0
value 0.00756
scoring_system epss
scoring_elements 0.7381
published_at 2026-06-13T12:55:00Z
1
value 0.00756
scoring_system epss
scoring_elements 0.73809
published_at 2026-06-14T12:55:00Z
2
value 0.00756
scoring_system epss
scoring_elements 0.73795
published_at 2026-06-12T12:55:00Z
3
value 0.00756
scoring_system epss
scoring_elements 0.7372
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31051
2
reference_url https://github.com/semantic-release/semantic-release
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/semantic-release/semantic-release
3
reference_url https://github.com/semantic-release/semantic-release/pull/2449
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/semantic-release/semantic-release/pull/2449
4
reference_url https://github.com/semantic-release/semantic-release/pull/2459
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/semantic-release/semantic-release/pull/2459
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2097414
reference_id 2097414
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2097414
6
reference_url https://github.com/semantic-release/semantic-release/commit/58a226f29c04ee56bbb02cc661f020d568849cad
reference_id 58a226f29c04ee56bbb02cc661f020d568849cad
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:40Z/
url https://github.com/semantic-release/semantic-release/commit/58a226f29c04ee56bbb02cc661f020d568849cad
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31051
reference_id CVE-2022-31051
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31051
8
reference_url https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
reference_id encodeURI
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:40Z/
url https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
9
reference_url https://github.com/advisories/GHSA-x2pg-mjhr-2m5x
reference_id GHSA-x2pg-mjhr-2m5x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2pg-mjhr-2m5x
10
reference_url https://github.com/semantic-release/semantic-release/security/advisories/GHSA-x2pg-mjhr-2m5x
reference_id GHSA-x2pg-mjhr-2m5x
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:40Z/
url https://github.com/semantic-release/semantic-release/security/advisories/GHSA-x2pg-mjhr-2m5x
11
reference_url https://access.redhat.com/errata/RHSA-2022:5555
reference_id RHSA-2022:5555
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5555
12
reference_url https://github.com/semantic-release/semantic-release/releases/tag/v19.0.3
reference_id v19.0.3
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:40Z/
url https://github.com/semantic-release/semantic-release/releases/tag/v19.0.3
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 212
name Improper Removal of Sensitive Information Before Storage or Transfer
description The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 7.5
Exploitability0.5
Weighted_severity6.8
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ufea-fewt-87es