| purl | pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-fu8u-pxaa-43be (Aliases: CVE-2020-7774, GHSA-c4w7-xm78-47vh) | Prototype Pollution in y18n. Overview: The npm package `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. POC: `const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true` Recommendation: Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later. | There are no reported fixed by versions. |
| VCID-jqtk-shbr-nkaw (Aliases: CVE-2020-7608, GHSA-p9pc-299p-vxgp) | yargs-parser Vulnerable to Prototype Pollution. Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument `--foo.__proto__.bar baz` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`. Recommendation: Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later. | There are no reported fixed by versions. |
| VCID-kh5k-ynnf-2bbx (Aliases: CVE-2020-15366, GHSA-v88g-cgmw-v5xw) | Prototype Pollution in Ajv. An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) | There are no reported fixed by versions. |
| VCID-m4sn-7wuq-e3cd (Aliases: CVE-2020-8277) | A Denial of Service vulnerability was discovered in c-ares. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:09:52.781360+00:00 | RedHat Importer | Affected by | VCID-jqtk-shbr-nkaw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json | 38.0.0 |
| 2026-04-01T14:05:56.017533+00:00 | RedHat Importer | Affected by | VCID-kh5k-ynnf-2bbx | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json | 38.0.0 |
| 2026-04-01T14:04:06.763013+00:00 | RedHat Importer | Affected by | VCID-fu8u-pxaa-43be | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json | 38.0.0 |
| 2026-04-01T14:03:57.588201+00:00 | RedHat Importer | Affected by | VCID-m4sn-7wuq-e3cd | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json | 38.0.0 |