VulnerableCode Package Details - pkg:deb/debian/node-ua-parser-js@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dmh1-fut8-2ygz	Embedded malware in ua-parser-js The npm package `ua-parser-js` had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See [this issue](https://github.com/faisalman/ua-parser-js/issues/536) for details as they unfold. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.	CVE-2021-4229 GHSA-pjwm-rvh2-c87w GMS-2021-1
VCID-q32y-yvrx-wkby	Regular Expression Denial of Service in ua-parser-js The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.	CVE-2020-7733 GHSA-662x-fhqg-9p8v

Vulnerability

Summary

Aliases

VCID-dmh1-fut8-2ygz

Embedded malware in ua-parser-js The npm package `ua-parser-js` had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See [this issue](https://github.com/faisalman/ua-parser-js/issues/536) for details as they unfold. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

CVE-2021-4229
GHSA-pjwm-rvh2-c87w
GMS-2021-1

VCID-q32y-yvrx-wkby

Regular Expression Denial of Service in ua-parser-js The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

CVE-2020-7733
GHSA-662x-fhqg-9p8v

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:07:15.067716+00:00	Debian Importer	Fixing	VCID-q32y-yvrx-wkby	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:18:40.933296+00:00	Debian Importer	Fixing	VCID-dmh1-fut8-2ygz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:17:15.094641+00:00	Debian Importer	Fixing	VCID-q32y-yvrx-wkby	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:41:48.224402+00:00	Debian Importer	Fixing	VCID-dmh1-fut8-2ygz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:17.446574+00:00	Debian Importer	Fixing	VCID-dmh1-fut8-2ygz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:47:17.361095+00:00	Debian Importer	Fixing	VCID-q32y-yvrx-wkby	https://security-tracker.debian.org/tracker/data/json	38.1.0