{"url":"http://public2.vulnerablecode.io/api/packages/101248?format=json","purl":"pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7","type":"rpm","namespace":"redhat","name":"rh-nodejs10-nodejs","version":"10.23.1-2","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33534?format=json","vulnerability_id":"VCID-4b6t-hfzu-7uf5","summary":"dot-prop Prototype Pollution vulnerability\nPrototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8116.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8116","reference_id":"","reference_type":"","scores":[{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73612","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73432","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73455","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73436","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73471","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73479","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73473","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73506","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73518","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73514","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73508","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73533","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73556","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73517","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73539","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73598","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73604","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73378","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73387","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.7341","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73419","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116"},{"reference_url":"https://github.com/advisories/GHSA-ff7x-qrg7-qggm","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ff7x-qrg7-qggm"},{"reference_url":"https://github.com/sindresorhus/dot-prop","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/dot-prop"},{"reference_url":"https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2"},{"reference_url":"https://github.com/sindresorhus/dot-prop/commit/c914124f418f55edea27928e89c94d931babe587","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/dot-prop/commit/c914124f418f55edea27928e89c94d931babe587"},{"reference_url":"https://github.com/sindresorhus/dot-prop/issues/63","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/dot-prop/issues/63"},{"reference_url":"https://github.com/sindresorhus/dot-prop/tree/v4","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/dot-prop/tree/v4"},{"reference_url":"https://hackerone.com/reports/719856","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/719856"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8116","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8116"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868196","reference_id":"1868196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4272","reference_id":"RHSA-2020:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4903","reference_id":"RHSA-2020:4903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5086","reference_id":"RHSA-2020:5086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"}],"fixed_packages":[],"aliases":["CVE-2020-8116","GHSA-ff7x-qrg7-qggm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4b6t-hfzu-7uf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33208?format=json","vulnerability_id":"VCID-7tyw-ppyt-zqgr","summary":"ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse\n### Overview\nThe `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.\n\nIf an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.\n\n### Patches\n\nThis has been patched in 1.3.6.\n\n### Steps to reproduce\n\npayload.ini\n```\n[__proto__]\npolluted = \"polluted\"\n```\n\npoc.js:\n```\nvar fs = require('fs')\nvar ini = require('ini')\n\nvar parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))\nconsole.log(parsed)\nconsole.log(parsed.__proto__)\nconsole.log(polluted)\n```\n\n```\n> node poc.js\n{}\n{ polluted: 'polluted' }\n{ polluted: 'polluted' }\npolluted\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7788","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5257","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52518","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52502","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52541","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52546","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5253","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52488","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52449","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52392","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5245","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52475","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52555","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52564","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52444","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52437","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52484","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52535","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788"},{"reference_url":"https://github.com/npm/ini","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/ini"},{"reference_url":"https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7788","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7788"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-INI-1048974","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-INI-1048974"},{"reference_url":"https://www.npmjs.com/advisories/1589","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1907444","reference_id":"1907444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1907444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718","reference_id":"977718","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718"},{"reference_url":"https://github.com/advisories/GHSA-qqgx-2p2h-9c37","reference_id":"GHSA-qqgx-2p2h-9c37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqgx-2p2h-9c37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3280","reference_id":"RHSA-2021:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3281","reference_id":"RHSA-2021:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"}],"fixed_packages":[],"aliases":["CVE-2020-7788","GHSA-qqgx-2p2h-9c37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tyw-ppyt-zqgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56056?format=json","vulnerability_id":"VCID-cqs6-2ryh-43gj","summary":"A buffer overflow in libuv might allow remote attacker(s) to\n    execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8252.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8252.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8252","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39608","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39757","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39779","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39698","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39752","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39766","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39776","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.3974","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39724","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39774","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39745","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39661","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39481","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39468","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39259","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39325","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39339","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39247","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.3927","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39341","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39351","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39372","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8252","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8252"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879315","reference_id":"1879315","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879315"},{"reference_url":"https://security.gentoo.org/glsa/202009-15","reference_id":"GLSA-202009-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202009-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4272","reference_id":"RHSA-2020:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4903","reference_id":"RHSA-2020:4903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5086","reference_id":"RHSA-2020:5086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://usn.ubuntu.com/4548-1/","reference_id":"USN-4548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4548-1/"}],"fixed_packages":[],"aliases":["CVE-2020-8252"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqs6-2ryh-43gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33536?format=json","vulnerability_id":"VCID-e2wc-na6c-c3cr","summary":"npm CLI exposing sensitive information through logs\nVersions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15095.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15095","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27702","published_at":"2026-04-13T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2776","published_at":"2026-04-12T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27802","published_at":"2026-04-11T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27796","published_at":"2026-04-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27753","published_at":"2026-04-08T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27685","published_at":"2026-04-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27894","published_at":"2026-04-04T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27853","published_at":"2026-04-02T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27803","published_at":"2026-04-01T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27415","published_at":"2026-04-29T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27488","published_at":"2026-04-26T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27595","published_at":"2026-04-24T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27647","published_at":"2026-04-21T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27686","published_at":"2026-04-18T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27712","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32196","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32108","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32171","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32087","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3211","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32178","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32198","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15095"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07"},{"reference_url":"https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc"},{"reference_url":"https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15095","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15095"},{"reference_url":"https://security.gentoo.org/glsa/202101-07","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202101-07"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856875","reference_id":"1856875","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856875"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746","reference_id":"964746","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746"},{"reference_url":"https://github.com/advisories/GHSA-93f3-23rq-pjfp","reference_id":"GHSA-93f3-23rq-pjfp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93f3-23rq-pjfp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4272","reference_id":"RHSA-2020:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4903","reference_id":"RHSA-2020:4903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5086","reference_id":"RHSA-2020:5086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"}],"fixed_packages":[],"aliases":["CVE-2020-15095","GHSA-93f3-23rq-pjfp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2wc-na6c-c3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42214?format=json","vulnerability_id":"VCID-fu8u-pxaa-43be","summary":"Prototype Pollution in y18n\n### Overview\n\nThe npm package `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. \n\n### POC\n\n```js\nconst y18n = require('y18n')();\n\ny18n.setLocale('__proto__');\ny18n.updateLocale({polluted: true});\n\nconsole.log(polluted); // true\n```\n\n### Recommendation\n\nUpgrade to version 3.2.2, 4.0.1, 5.0.5 or later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7774","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64738","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64723","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64713","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64659","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64637","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64665","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.6462","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64574","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64598","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64599","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64586","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64545","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64509","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64567","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64581","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64569","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64536","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64564","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64576","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64455","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64561","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7774"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/yargs/y18n","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n"},{"reference_url":"https://github.com/yargs/y18n/commit/90401eea9062ad498f4f792e3fff8008c4c193a3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/commit/90401eea9062ad498f4f792e3fff8008c4c193a3"},{"reference_url":"https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25"},{"reference_url":"https://github.com/yargs/y18n/issues/96","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/issues/96"},{"reference_url":"https://github.com/yargs/y18n/pull/108","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/pull/108"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7774","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7774"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-Y18N-1021887","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-Y18N-1021887"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898680","reference_id":"1898680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898680"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976390","reference_id":"976390","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976390"},{"reference_url":"https://github.com/advisories/GHSA-c4w7-xm78-47vh","reference_id":"GHSA-c4w7-xm78-47vh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4w7-xm78-47vh"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5633","reference_id":"RHSA-2020:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2041","reference_id":"RHSA-2021:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"}],"fixed_packages":[],"aliases":["CVE-2020-7774","GHSA-c4w7-xm78-47vh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fu8u-pxaa-43be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32997?format=json","vulnerability_id":"VCID-jqtk-shbr-nkaw","summary":"yargs-parser Vulnerable to Prototype Pollution\nAffected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.  \nParsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.\n\n\n\n## Recommendation\n\nUpgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7608","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31465","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31987","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31947","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31926","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31898","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3173","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3152","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3137","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3144","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31449","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31356","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3138","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3191","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32038","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32079","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31955","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608"},{"reference_url":"https://github.com/yargs/yargs-parser","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/yargs-parser"},{"reference_url":"https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36"},{"reference_url":"https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7608","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7608"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381"},{"reference_url":"https://www.npmjs.com/advisories/1500","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1500"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840004","reference_id":"1840004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840004"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*","reference_id":"cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*"},{"reference_url":"https://github.com/advisories/GHSA-p9pc-299p-vxgp","reference_id":"GHSA-p9pc-299p-vxgp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p9pc-299p-vxgp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2041","reference_id":"RHSA-2021:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3917","reference_id":"RHSA-2021:3917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3917"}],"fixed_packages":[],"aliases":["CVE-2020-7608","GHSA-p9pc-299p-vxgp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqtk-shbr-nkaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52914?format=json","vulnerability_id":"VCID-kh5k-ynnf-2bbx","summary":"Prototype Pollution in Ajv\nAn issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15366","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56104","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56101","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56085","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56028","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56006","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56057","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55996","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57606","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57609","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5763","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57659","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57663","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57678","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57667","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57599","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57598","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58193","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366"},{"reference_url":"https://github.com/ajv-validator/ajv","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv"},{"reference_url":"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f"},{"reference_url":"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3"},{"reference_url":"https://github.com/ajv-validator/ajv/tags","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/tags"},{"reference_url":"https://hackerone.com/bugs?subject=user&report_id=894259","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/bugs?subject=user&report_id=894259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15366","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15366"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0007","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857977","reference_id":"1857977","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857977"},{"reference_url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw","reference_id":"GHSA-v88g-cgmw-v5xw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3917","reference_id":"RHSA-2021:3917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3917"}],"fixed_packages":[],"aliases":["CVE-2020-15366","GHSA-v88g-cgmw-v5xw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kh5k-ynnf-2bbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47602?format=json","vulnerability_id":"VCID-v5h1-gpt1-97bj","summary":"Regular expression denial of service in npm-user-validate\nThis affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7754.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7754","reference_id":"","reference_type":"","scores":[{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.82084","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81918","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81941","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81952","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81956","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81977","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81996","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.82021","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.82019","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.82035","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.82075","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.82083","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81814","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81824","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81847","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81844","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.8187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81877","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81885","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.8188","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81916","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7754"},{"reference_url":"https://github.com/npm/npm-user-validate/commit/c8a87dac1a4cc6988b5418f30411a8669bef204e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/npm-user-validate/commit/c8a87dac1a4cc6988b5418f30411a8669bef204e"},{"reference_url":"https://github.com/npm/npm-user-validate/security/advisories/GHSA-xgh6-85xh-479p","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/npm-user-validate/security/advisories/GHSA-xgh6-85xh-479p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7754","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7754"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019353","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019353"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892430","reference_id":"1892430","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892430"},{"reference_url":"https://github.com/advisories/GHSA-pw54-mh39-w3hc","reference_id":"GHSA-pw54-mh39-w3hc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw54-mh39-w3hc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"}],"fixed_packages":[],"aliases":["CVE-2020-7754","GHSA-pw54-mh39-w3hc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5h1-gpt1-97bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48673?format=json","vulnerability_id":"VCID-zj4d-e8r7-ufg3","summary":"Multiple vulnerabilities have been found in NodeJS, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8287","reference_id":"","reference_type":"","scores":[{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93694","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93808","published_at":"2026-05-16T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93809","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93814","published_at":"2026-05-15T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93714","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93717","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93726","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93727","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93732","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.9375","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93757","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.9376","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93764","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93759","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93769","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.9378","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93789","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93792","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93796","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690","reference_id":"1016690","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912863","reference_id":"1912863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912863"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364","reference_id":"979364","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364"},{"reference_url":"https://security.archlinux.org/ASA-202101-16","reference_id":"ASA-202101-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-16"},{"reference_url":"https://security.archlinux.org/AVG-1400","reference_id":"AVG-1400","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/5563-1/","reference_id":"USN-5563-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5563-1/"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[],"aliases":["CVE-2020-8287"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zj4d-e8r7-ufg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48672?format=json","vulnerability_id":"VCID-ztt4-vnk7-7ycq","summary":"Multiple vulnerabilities have been found in NodeJS, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8265","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73197","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73438","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73423","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.7343","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73207","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73228","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73201","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73238","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73251","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73276","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73255","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73291","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.733","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73326","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.7334","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73338","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73332","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73359","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73383","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73342","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73365","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912854","reference_id":"1912854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912854"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364","reference_id":"979364","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364"},{"reference_url":"https://security.archlinux.org/ASA-202101-16","reference_id":"ASA-202101-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-16"},{"reference_url":"https://security.archlinux.org/AVG-1400","reference_id":"AVG-1400","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[],"aliases":["CVE-2020-8265"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztt4-vnk7-7ycq"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2%3Farch=el7"}