VulnerableCode Package Details - pkg:deb/debian/node-fetch@0?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/node-fetch@0?distro=trixie

Essentials
History (3)

purl	pkg:deb/debian/node-fetch@0?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-ebme-b1mh-qygu	node-fetch Inefficient Regular Expression Complexity [node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`.	CVE-2022-2596 GHSA-vp56-6g26-6827

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:27:17.540877+00:00	Debian Importer	Fixing	VCID-ebme-b1mh-qygu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T18:18:27.037228+00:00	Debian Importer	Fixing	VCID-ebme-b1mh-qygu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:08.097450+00:00	Debian Importer	Fixing	VCID-ebme-b1mh-qygu	https://security-tracker.debian.org/tracker/data/json	38.1.0