Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jqtk-shbr-nkaw
Summary
yargs-parser Vulnerable to Prototype Pollution
Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, so that a property is added or modified on all objects.
Parsing the argument `--foo.__proto__.bar baz` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.



## Recommendation

Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.
Aliases
0
alias CVE-2020-7608
1
alias GHSA-p9pc-299p-vxgp
Fixed_packages
0
url pkg:deb/debian/node-yargs-parser@18.1.1-1?distro=trixie
purl pkg:deb/debian/node-yargs-parser@18.1.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yargs-parser@18.1.1-1%3Fdistro=trixie
1
url pkg:deb/debian/node-yargs-parser@18.1.3%2B~15.0.0-1?distro=trixie
purl pkg:deb/debian/node-yargs-parser@18.1.3%2B~15.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yargs-parser@18.1.3%252B~15.0.0-1%3Fdistro=trixie
2
url pkg:deb/debian/node-yargs-parser@18.1.3%2B~15.0.0-1
purl pkg:deb/debian/node-yargs-parser@18.1.3%2B~15.0.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yargs-parser@18.1.3%252B~15.0.0-1
3
url pkg:deb/debian/node-yargs-parser@21.1.1%2B~21.0.0-4?distro=trixie
purl pkg:deb/debian/node-yargs-parser@21.1.1%2B~21.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yargs-parser@21.1.1%252B~21.0.0-4%3Fdistro=trixie
4
url pkg:npm/yargs-parser@5.0.1
purl pkg:npm/yargs-parser@5.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@5.0.1
5
url pkg:npm/yargs-parser@13.1.2
purl pkg:npm/yargs-parser@13.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@13.1.2
6
url pkg:npm/yargs-parser@15.0.1
purl pkg:npm/yargs-parser@15.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@15.0.1
7
url pkg:npm/yargs-parser@18.1.1
purl pkg:npm/yargs-parser@18.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@18.1.1
Affected_packages
0
url pkg:deb/debian/node-yargs-parser@4.1.0-1
purl pkg:deb/debian/node-yargs-parser@4.1.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yargs-parser@4.1.0-1
1
url pkg:deb/debian/node-yargs-parser@11.1.1-1%2Bdeb10u1
purl pkg:deb/debian/node-yargs-parser@11.1.1-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yargs-parser@11.1.1-1%252Bdeb10u1
2
url pkg:npm/yargs-parser@1.0.0
purl pkg:npm/yargs-parser@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@1.0.0
3
url pkg:npm/yargs-parser@1.1.0
purl pkg:npm/yargs-parser@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@1.1.0
4
url pkg:npm/yargs-parser@1.1.1-alpha
purl pkg:npm/yargs-parser@1.1.1-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@1.1.1-alpha
5
url pkg:npm/yargs-parser@1.1.1-alpha2
purl pkg:npm/yargs-parser@1.1.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@1.1.1-alpha2
6
url pkg:npm/yargs-parser@1.1.1-alpha3
purl pkg:npm/yargs-parser@1.1.1-alpha3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@1.1.1-alpha3
7
url pkg:npm/yargs-parser@2.0.0
purl pkg:npm/yargs-parser@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@2.0.0
8
url pkg:npm/yargs-parser@2.1.0
purl pkg:npm/yargs-parser@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@2.1.0
9
url pkg:npm/yargs-parser@2.1.1
purl pkg:npm/yargs-parser@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@2.1.1
10
url pkg:npm/yargs-parser@2.1.2
purl pkg:npm/yargs-parser@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@2.1.2
11
url pkg:npm/yargs-parser@2.2.0
purl pkg:npm/yargs-parser@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@2.2.0
12
url pkg:npm/yargs-parser@2.4.0-next
purl pkg:npm/yargs-parser@2.4.0-next
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@2.4.0-next
13
url pkg:npm/yargs-parser@2.4.0
purl pkg:npm/yargs-parser@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@2.4.0
14
url pkg:npm/yargs-parser@2.4.1
purl pkg:npm/yargs-parser@2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@2.4.1
15
url pkg:npm/yargs-parser@3.1.0
purl pkg:npm/yargs-parser@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@3.1.0
16
url pkg:npm/yargs-parser@3.2.0
purl pkg:npm/yargs-parser@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@3.2.0
17
url pkg:npm/yargs-parser@4.0.0
purl pkg:npm/yargs-parser@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@4.0.0
18
url pkg:npm/yargs-parser@4.0.1
purl pkg:npm/yargs-parser@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@4.0.1
19
url pkg:npm/yargs-parser@4.0.2
purl pkg:npm/yargs-parser@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@4.0.2
20
url pkg:npm/yargs-parser@4.1.0
purl pkg:npm/yargs-parser@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@4.1.0
21
url pkg:npm/yargs-parser@4.2.0
purl pkg:npm/yargs-parser@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@4.2.0
22
url pkg:npm/yargs-parser@4.2.1-candidate.0
purl pkg:npm/yargs-parser@4.2.1-candidate.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@4.2.1-candidate.0
23
url pkg:npm/yargs-parser@4.2.1-candidate.1
purl pkg:npm/yargs-parser@4.2.1-candidate.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@4.2.1-candidate.1
24
url pkg:npm/yargs-parser@4.2.1
purl pkg:npm/yargs-parser@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@4.2.1
25
url pkg:npm/yargs-parser@5.0.0
purl pkg:npm/yargs-parser@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@5.0.0
26
url pkg:npm/yargs-parser@6.0.0
purl pkg:npm/yargs-parser@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@6.0.0
27
url pkg:npm/yargs-parser@6.0.1
purl pkg:npm/yargs-parser@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@6.0.1
28
url pkg:npm/yargs-parser@7.0.0
purl pkg:npm/yargs-parser@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@7.0.0
29
url pkg:npm/yargs-parser@8.0.0
purl pkg:npm/yargs-parser@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@8.0.0
30
url pkg:npm/yargs-parser@8.1.0
purl pkg:npm/yargs-parser@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@8.1.0
31
url pkg:npm/yargs-parser@9.0.0
purl pkg:npm/yargs-parser@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@9.0.0
32
url pkg:npm/yargs-parser@9.0.1
purl pkg:npm/yargs-parser@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@9.0.1
33
url pkg:npm/yargs-parser@9.0.2
purl pkg:npm/yargs-parser@9.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@9.0.2
34
url pkg:npm/yargs-parser@10.0.0
purl pkg:npm/yargs-parser@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@10.0.0
35
url pkg:npm/yargs-parser@10.1.0
purl pkg:npm/yargs-parser@10.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@10.1.0
36
url pkg:npm/yargs-parser@11.0.0
purl pkg:npm/yargs-parser@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@11.0.0
37
url pkg:npm/yargs-parser@11.1.0
purl pkg:npm/yargs-parser@11.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@11.1.0
38
url pkg:npm/yargs-parser@11.1.1
purl pkg:npm/yargs-parser@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@11.1.1
39
url pkg:npm/yargs-parser@12.0.0
purl pkg:npm/yargs-parser@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@12.0.0
40
url pkg:npm/yargs-parser@13.0.0-candidate.0
purl pkg:npm/yargs-parser@13.0.0-candidate.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@13.0.0-candidate.0
41
url pkg:npm/yargs-parser@13.0.0
purl pkg:npm/yargs-parser@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@13.0.0
42
url pkg:npm/yargs-parser@13.1.0
purl pkg:npm/yargs-parser@13.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@13.1.0
43
url pkg:npm/yargs-parser@13.1.1
purl pkg:npm/yargs-parser@13.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@13.1.1
44
url pkg:npm/yargs-parser@14.0.0
purl pkg:npm/yargs-parser@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@14.0.0
45
url pkg:npm/yargs-parser@15.0.0
purl pkg:npm/yargs-parser@15.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@15.0.0
46
url pkg:npm/yargs-parser@16.0.0
purl pkg:npm/yargs-parser@16.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@16.0.0
47
url pkg:npm/yargs-parser@16.1.0
purl pkg:npm/yargs-parser@16.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@16.1.0
48
url pkg:npm/yargs-parser@17.0.0
purl pkg:npm/yargs-parser@17.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@17.0.0
49
url pkg:npm/yargs-parser@17.0.1
purl pkg:npm/yargs-parser@17.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@17.0.1
50
url pkg:npm/yargs-parser@17.1.0
purl pkg:npm/yargs-parser@17.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@17.1.0
51
url pkg:npm/yargs-parser@18.0.0
purl pkg:npm/yargs-parser@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@18.0.0
52
url pkg:npm/yargs-parser@18.1.0
purl pkg:npm/yargs-parser@18.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@18.1.0
53
url pkg:npm/yargs-parser@18.1.1-beta.0
purl pkg:npm/yargs-parser@18.1.1-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jqtk-shbr-nkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/yargs-parser@18.1.1-beta.0
54
url pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7
purl pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
1
vulnerability VCID-7tyw-ppyt-zqgr
2
vulnerability VCID-cqs6-2ryh-43gj
3
vulnerability VCID-e2wc-na6c-c3cr
4
vulnerability VCID-fu8u-pxaa-43be
5
vulnerability VCID-jqtk-shbr-nkaw
6
vulnerability VCID-kh5k-ynnf-2bbx
7
vulnerability VCID-v5h1-gpt1-97bj
8
vulnerability VCID-zj4d-e8r7-ufg3
9
vulnerability VCID-ztt4-vnk7-7ycq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2%3Farch=el7
55
url pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2?arch=el7
purl pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fu8u-pxaa-43be
1
vulnerability VCID-jqtk-shbr-nkaw
2
vulnerability VCID-kh5k-ynnf-2bbx
3
vulnerability VCID-m4sn-7wuq-e3cd
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2%3Farch=el7
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7608
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31898
published_at 2026-04-21T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.31926
published_at 2026-04-18T12:55:00Z
2
value 0.00126
scoring_system epss
scoring_elements 0.31913
published_at 2026-04-13T12:55:00Z
3
value 0.00126
scoring_system epss
scoring_elements 0.31947
published_at 2026-04-16T12:55:00Z
4
value 0.00126
scoring_system epss
scoring_elements 0.31987
published_at 2026-04-11T12:55:00Z
5
value 0.00126
scoring_system epss
scoring_elements 0.31983
published_at 2026-04-09T12:55:00Z
6
value 0.00126
scoring_system epss
scoring_elements 0.31955
published_at 2026-04-08T12:55:00Z
7
value 0.00126
scoring_system epss
scoring_elements 0.31902
published_at 2026-04-07T12:55:00Z
8
value 0.00126
scoring_system epss
scoring_elements 0.32079
published_at 2026-04-04T12:55:00Z
9
value 0.00126
scoring_system epss
scoring_elements 0.32038
published_at 2026-04-02T12:55:00Z
10
value 0.00126
scoring_system epss
scoring_elements 0.3191
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7608
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
3
reference_url https://github.com/yargs/yargs-parser
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yargs/yargs-parser
4
reference_url https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36
5
reference_url https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7608
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7608
7
reference_url https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
8
reference_url https://www.npmjs.com/advisories/1500
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1500
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1840004
reference_id 1840004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1840004
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*
reference_id cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*
11
reference_url https://github.com/advisories/GHSA-p9pc-299p-vxgp
reference_id GHSA-p9pc-299p-vxgp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9pc-299p-vxgp
12
reference_url https://access.redhat.com/errata/RHSA-2020:5305
reference_id RHSA-2020:5305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5305
13
reference_url https://access.redhat.com/errata/RHSA-2020:5499
reference_id RHSA-2020:5499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5499
14
reference_url https://access.redhat.com/errata/RHSA-2021:0521
reference_id RHSA-2021:0521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0521
15
reference_url https://access.redhat.com/errata/RHSA-2021:0548
reference_id RHSA-2021:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0548
16
reference_url https://access.redhat.com/errata/RHSA-2021:2041
reference_id RHSA-2021:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2041
17
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
Weaknesses
0
cwe_id 1321
name Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
description The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
1
cwe_id 915
name Improperly Controlled Modification of Dynamically-Determined Object Attributes
description The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
2
cwe_id 267
name Privilege Defined With Unsafe Actions
description A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
4
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
5
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqtk-shbr-nkaw