{"url":"http://public2.vulnerablecode.io/api/packages/101379?format=json","purl":"pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2?arch=el7","type":"rpm","namespace":"redhat","name":"rh-nodejs12-nodejs","version":"12.19.1-2","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42214?format=json","vulnerability_id":"VCID-fu8u-pxaa-43be","summary":"Prototype Pollution in y18n\n### Overview\n\nThe npm package `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. \n\n### POC\n\n```js\nconst y18n = require('y18n')();\n\ny18n.setLocale('__proto__');\ny18n.updateLocale({polluted: true});\n\nconsole.log(polluted); // true\n```\n\n### Recommendation\n\nUpgrade to version 3.2.2, 4.0.1, 5.0.5 or later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7774","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64723","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64713","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64659","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64637","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64665","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.6462","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64574","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64598","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64599","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64586","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64567","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64509","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64581","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64569","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64536","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64564","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64576","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64561","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64455","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64545","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7774"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/yargs/y18n","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n"},{"reference_url":"https://github.com/yargs/y18n/commit/90401eea9062ad498f4f792e3fff8008c4c193a3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/commit/90401eea9062ad498f4f792e3fff8008c4c193a3"},{"reference_url":"https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25"},{"reference_url":"https://github.com/yargs/y18n/issues/96","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/issues/96"},{"reference_url":"https://github.com/yargs/y18n/pull/108","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/pull/108"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7774","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7774"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-Y18N-1021887","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-Y18N-1021887"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898680","reference_id":"1898680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898680"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976390","reference_id":"976390","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976390"},{"reference_url":"https://github.com/advisories/GHSA-c4w7-xm78-47vh","reference_id":"GHSA-c4w7-xm78-47vh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4w7-xm78-47vh"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5633","reference_id":"RHSA-2020:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2041","reference_id":"RHSA-2021:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"}],"fixed_packages":[],"aliases":["CVE-2020-7774","GHSA-c4w7-xm78-47vh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fu8u-pxaa-43be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32997?format=json","vulnerability_id":"VCID-jqtk-shbr-nkaw","summary":"yargs-parser Vulnerable to Prototype Pollution\nAffected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.  \nParsing the argument `--foo.__proto__.bar baz'` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.\n\n\n\n## Recommendation\n\nUpgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7608","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31465","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31987","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31947","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31926","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31898","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3173","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3152","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3137","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3144","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31449","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31356","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3138","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3191","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32038","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32079","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31955","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608"},{"reference_url":"https://github.com/yargs/yargs-parser","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/yargs-parser"},{"reference_url":"https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36"},{"reference_url":"https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7608","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7608"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381"},{"reference_url":"https://www.npmjs.com/advisories/1500","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1500"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840004","reference_id":"1840004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1840004"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*","reference_id":"cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yargs:yargs-parser:*:*:*:*:*:node.js:*:*"},{"reference_url":"https://github.com/advisories/GHSA-p9pc-299p-vxgp","reference_id":"GHSA-p9pc-299p-vxgp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p9pc-299p-vxgp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2041","reference_id":"RHSA-2021:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3917","reference_id":"RHSA-2021:3917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3917"}],"fixed_packages":[],"aliases":["CVE-2020-7608","GHSA-p9pc-299p-vxgp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqtk-shbr-nkaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52914?format=json","vulnerability_id":"VCID-kh5k-ynnf-2bbx","summary":"Prototype Pollution in Ajv\nAn issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15366","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56101","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56085","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56028","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56006","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56057","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55996","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55949","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5763","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57609","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57606","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57659","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57663","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57678","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57667","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57599","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57598","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58193","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366"},{"reference_url":"https://github.com/ajv-validator/ajv","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv"},{"reference_url":"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f"},{"reference_url":"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3"},{"reference_url":"https://github.com/ajv-validator/ajv/tags","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/tags"},{"reference_url":"https://hackerone.com/bugs?subject=user&report_id=894259","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/bugs?subject=user&report_id=894259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15366","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15366"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0007","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857977","reference_id":"1857977","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857977"},{"reference_url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw","reference_id":"GHSA-v88g-cgmw-v5xw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3917","reference_id":"RHSA-2021:3917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3917"}],"fixed_packages":[],"aliases":["CVE-2020-15366","GHSA-v88g-cgmw-v5xw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kh5k-ynnf-2bbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=json","vulnerability_id":"VCID-m4sn-7wuq-e3cd","summary":"A Denial of Service vulnerability was discovered in c-ares.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8277","reference_id":"","reference_type":"","scores":[{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98219","published_at":"2026-04-01T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98255","published_at":"2026-05-15T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.9825","published_at":"2026-05-11T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98253","published_at":"2026-05-14T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98222","published_at":"2026-04-02T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98225","published_at":"2026-04-04T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98226","published_at":"2026-04-07T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.9823","published_at":"2026-04-09T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98238","published_at":"2026-04-21T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.9824","published_at":"2026-04-24T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98242","published_at":"2026-04-29T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98249","published_at":"2026-05-07T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98252","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898554","reference_id":"1898554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898554"},{"reference_url":"https://security.archlinux.org/ASA-202011-18","reference_id":"ASA-202011-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-18"},{"reference_url":"https://security.archlinux.org/AVG-1280","reference_id":"AVG-1280","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8277","reference_id":"CVE-2020-8277","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8277"},{"reference_url":"https://security.gentoo.org/glsa/202012-11","reference_id":"GLSA-202012-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/4638-1/","reference_id":"USN-4638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4638-1/"}],"fixed_packages":[],"aliases":["CVE-2020-8277"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs@12.19.1-2%3Farch=el7"}