{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","type":"deb","namespace":"debian","name":"nodejs","version":"10.24.0~dfsg-1~deb10u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"20.19.2+dfsg-1","latest_non_vulnerable_version":"20.19.2+dfsg-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37577?format=json","vulnerability_id":"VCID-2z1f-7jkw-17av","summary":"Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27982.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27982","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60116","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60063","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60113","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60127","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60149","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60134","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60093","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347","reference_id":"1068347","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347"},{"reference_url":"https://hackerone.com/reports/2237099","reference_id":"2237099","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-07T18:19:19Z/"}],"url":"https://hackerone.com/reports/2237099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275392","reference_id":"2275392","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275392"},{"reference_url":"https://security.archlinux.org/AVG-2852","reference_id":"AVG-2852","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2852"},{"reference_url":"https://security.archlinux.org/AVG-2853","reference_id":"AVG-2853","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2853"},{"reference_url":"https://security.gentoo.org/glsa/202505-11","reference_id":"GLSA-202505-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2778","reference_id":"RHSA-2024:2778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2779","reference_id":"RHSA-2024:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2780","reference_id":"RHSA-2024:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2853","reference_id":"RHSA-2024:2853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2910","reference_id":"RHSA-2024:2910","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3545","reference_id":"RHSA-2024:3545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4559","reference_id":"RHSA-2024:4559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2024-27982"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2z1f-7jkw-17av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34821?format=json","vulnerability_id":"VCID-53xm-8w84-93cx","summary":"Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22930.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22930.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22930","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55216","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55382","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55315","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55339","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55371","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988394","reference_id":"1988394","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988394"},{"reference_url":"https://security.archlinux.org/ASA-202108-1","reference_id":"ASA-202108-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-1"},{"reference_url":"https://security.archlinux.org/AVG-2239","reference_id":"AVG-2239","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2239"},{"reference_url":"https://security.gentoo.org/glsa/202401-02","reference_id":"GLSA-202401-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-02"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3280","reference_id":"RHSA-2021:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3281","reference_id":"RHSA-2021:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3623","reference_id":"RHSA-2021:3623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3638","reference_id":"RHSA-2021:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3639","reference_id":"RHSA-2021:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3666","reference_id":"RHSA-2021:3666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-22930"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53xm-8w84-93cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13058?format=json","vulnerability_id":"VCID-5cf7-va9h-h3gy","summary":"Improper Certificate Validation\nAccepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44531.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44531","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22952","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22996","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22789","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22936","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22899","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22843","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1429694","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1429694"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220325-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220325-0007/"},{"reference_url":"https://www.debian.org/security/2022/dsa-5170","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5170"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177","reference_id":"1004177","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040839","reference_id":"2040839","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040839"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44531","reference_id":"CVE-2021-44531","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44531"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7044","reference_id":"RHSA-2022:7044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7830","reference_id":"RHSA-2022:7830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9073","reference_id":"RHSA-2022:9073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1742","reference_id":"RHSA-2023:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3742","reference_id":"RHSA-2023:3742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-44531"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cf7-va9h-h3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62475?format=json","vulnerability_id":"VCID-7tpb-9zrz-e7e1","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32212","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20041","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19848","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19901","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19911","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19867","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19809","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105422","reference_id":"2105422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105422"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2022-32212"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-9zrz-e7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53859?format=json","vulnerability_id":"VCID-8c4g-fjsa-nkhw","summary":"llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields\nThe llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. The LF character (without CR) is sufficient to delimit HTTP header fields in the lihttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This can lead to HTTP Request Smuggling (HRS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32214","reference_id":"","reference_type":"","scores":[{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97622","published_at":"2026-04-11T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97619","published_at":"2026-04-09T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97617","published_at":"2026-04-08T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97611","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc7230#section-3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://datatracker.ietf.org/doc/html/rfc7230#section-3"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb"},{"reference_url":"https://hackerone.com/reports/1524692","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1524692"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32214","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32214"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220915-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220915-0001/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5326","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105428","reference_id":"2105428","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105428"},{"reference_url":"https://github.com/advisories/GHSA-q5vx-44v4-gch4","reference_id":"GHSA-q5vx-44v4-gch4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5vx-44v4-gch4"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2022-32214","GHSA-q5vx-44v4-gch4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8c4g-fjsa-nkhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34824?format=json","vulnerability_id":"VCID-9g7s-y7nq-xfbb","summary":"Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22939.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22939.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22939","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31612","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31693","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31788","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31607","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.3166","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31689","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22939"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1993039","reference_id":"1993039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1993039"},{"reference_url":"https://security.archlinux.org/AVG-2283","reference_id":"AVG-2283","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2283"},{"reference_url":"https://security.gentoo.org/glsa/202401-02","reference_id":"GLSA-202401-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-02"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3280","reference_id":"RHSA-2021:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3281","reference_id":"RHSA-2021:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3623","reference_id":"RHSA-2021:3623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3638","reference_id":"RHSA-2021:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3639","reference_id":"RHSA-2021:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3666","reference_id":"RHSA-2021:3666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-22939"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9g7s-y7nq-xfbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62495?format=json","vulnerability_id":"VCID-9yq7-aba3-c7c3","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32559.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32559","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18926","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19169","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18885","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18963","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19017","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18977","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22427","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32559"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739","reference_id":"1050739","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739"},{"reference_url":"https://hackerone.com/reports/1946470","reference_id":"1946470","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/"}],"url":"https://hackerone.com/reports/1946470"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230956","reference_id":"2230956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230956"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231006-0006/","reference_id":"ntap-20231006-0006","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T13:34:58Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231006-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5360","reference_id":"RHSA-2023:5360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5361","reference_id":"RHSA-2023:5361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5362","reference_id":"RHSA-2023:5362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5363","reference_id":"RHSA-2023:5363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5532","reference_id":"RHSA-2023:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5533","reference_id":"RHSA-2023:5533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5533"},{"reference_url":"https://usn.ubuntu.com/6822-1/","reference_id":"USN-6822-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6822-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2023-32559"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9yq7-aba3-c7c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53933?format=json","vulnerability_id":"VCID-b54b-pd2b-bygm","summary":"llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding\nThe llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).\n\nImpacts:\n\n- All versions of the nodejs 18.x, 16.x, and 14.x releases lines.\n- llhttp v6.0.7 and llhttp v2.1.5 contains the fixes that were updated inside Node.js","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32213","reference_id":"","reference_type":"","scores":[{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.99561","published_at":"2026-04-13T12:55:00Z"},{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.9956","published_at":"2026-04-12T12:55:00Z"},{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.99559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.99558","published_at":"2026-04-04T12:55:00Z"},{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.99557","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32213"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb"},{"reference_url":"https://hackerone.com/reports/1524555","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1524555"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32213","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32213"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220915-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220915-0001/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5326","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105430","reference_id":"2105430","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105430"},{"reference_url":"https://github.com/advisories/GHSA-5689-v88g-g6rv","reference_id":"GHSA-5689-v88g-g6rv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5689-v88g-g6rv"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2022-32213","GHSA-5689-v88g-g6rv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b54b-pd2b-bygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37572?format=json","vulnerability_id":"VCID-bx67-aud6-b3fa","summary":"Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22025.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22025","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62483","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62515","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.7042","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70444","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70404","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70359","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70415","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270559","reference_id":"2270559","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270559"},{"reference_url":"https://hackerone.com/reports/2284065","reference_id":"2284065","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/"}],"url":"https://hackerone.com/reports/2284065"},{"reference_url":"https://security.gentoo.org/glsa/202505-11","reference_id":"GLSA-202505-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-11"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240517-0008/","reference_id":"ntap-20240517-0008","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T20:30:35Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240517-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2778","reference_id":"RHSA-2024:2778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2779","reference_id":"RHSA-2024:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2780","reference_id":"RHSA-2024:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2853","reference_id":"RHSA-2024:2853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2910","reference_id":"RHSA-2024:2910","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4559","reference_id":"RHSA-2024:4559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4721","reference_id":"RHSA-2024:4721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4721"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2024-22025"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bx67-aud6-b3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69900?format=json","vulnerability_id":"VCID-c8xz-v6h3-6ueb","summary":"nodejs: libuv: Out-of-Bounds Access Due to Inconsistent off_t Size in libuv and Node.js Build on i386","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47153.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47153","reference_id":"","reference_type":"","scores":[{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71787","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71819","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71779","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71818","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71854","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71837","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47153"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363236","reference_id":"2363236","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363236"},{"reference_url":"https://github.com/nodejs/node-v0.x-archive/issues/4549","reference_id":"4549","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/"}],"url":"https://github.com/nodejs/node-v0.x-archive/issues/4549"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350","reference_id":"bugreport.cgi?bug=1076350","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075","reference_id":"bugreport.cgi?bug=922075","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=892601","reference_id":"show_bug.cgi?id=892601","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:42:34Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=892601"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2025-47153"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8xz-v6h3-6ueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62479?format=json","vulnerability_id":"VCID-dfdy-vhdd-5kh4","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35256","reference_id":"","reference_type":"","scores":[{"value":"0.03945","scoring_system":"epss","scoring_elements":"0.88301","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03945","scoring_system":"epss","scoring_elements":"0.88348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03945","scoring_system":"epss","scoring_elements":"0.88315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03945","scoring_system":"epss","scoring_elements":"0.8832","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03945","scoring_system":"epss","scoring_elements":"0.88339","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03945","scoring_system":"epss","scoring_elements":"0.88346","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03945","scoring_system":"epss","scoring_elements":"0.88356","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1675191","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/"}],"url":"https://hackerone.com/reports/1675191"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2130518","reference_id":"2130518","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2130518"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35256","reference_id":"CVE-2022-35256","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35256"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6963","reference_id":"RHSA-2022:6963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6964","reference_id":"RHSA-2022:6964","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7044","reference_id":"RHSA-2022:7044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7821","reference_id":"RHSA-2022:7821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7830","reference_id":"RHSA-2022:7830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0321","reference_id":"RHSA-2023:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1533","reference_id":"RHSA-2023:1533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1742","reference_id":"RHSA-2023:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1742"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2022-35256"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdy-vhdd-5kh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62473?format=json","vulnerability_id":"VCID-e18p-c3m9-2qgy","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44532.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44532","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32731","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32862","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32897","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32718","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32765","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32792","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32794","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32756","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3273","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177","reference_id":"1004177","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040846","reference_id":"2040846","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040846"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7044","reference_id":"RHSA-2022:7044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7830","reference_id":"RHSA-2022:7830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9073","reference_id":"RHSA-2022:9073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1742","reference_id":"RHSA-2023:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3742","reference_id":"RHSA-2023:3742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-44532"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e18p-c3m9-2qgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37546?format=json","vulnerability_id":"VCID-e6gj-fe31-kkh5","summary":"Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46809","reference_id":"","reference_type":"","scores":[{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79232","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79236","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.7926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79244","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79218","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79203","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79228","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055","reference_id":"1064055","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264569","reference_id":"2264569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264569"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/february-2024-security-releases","reference_id":"february-2024-security-releases","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T17:40:41Z/"}],"url":"https://nodejs.org/en/blog/vulnerability/february-2024-security-releases"},{"reference_url":"https://security.gentoo.org/glsa/202505-11","reference_id":"GLSA-202505-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1503","reference_id":"RHSA-2024:1503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1510","reference_id":"RHSA-2024:1510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1687","reference_id":"RHSA-2024:1687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1688","reference_id":"RHSA-2024:1688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1880","reference_id":"RHSA-2024:1880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1932","reference_id":"RHSA-2024:1932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2023-46809"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6gj-fe31-kkh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62488?format=json","vulnerability_id":"VCID-e7u5-356v-jbg7","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30590","reference_id":"","reference_type":"","scores":[{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76391","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76373","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76405","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.7642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76445","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76418","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990","reference_id":"1039990","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219842","reference_id":"2219842","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219842"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4330","reference_id":"RHSA-2023:4330","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4331","reference_id":"RHSA-2023:4331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4536","reference_id":"RHSA-2023:4536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4537","reference_id":"RHSA-2023:4537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5361","reference_id":"RHSA-2023:5361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5533","reference_id":"RHSA-2023:5533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5533"},{"reference_url":"https://usn.ubuntu.com/6735-1/","reference_id":"USN-6735-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6735-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2023-30590"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7u5-356v-jbg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11561?format=json","vulnerability_id":"VCID-gwyr-ac4e-dqfa","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22959","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4373","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43779","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43746","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43747","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43772","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43706","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43756","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43759","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1238709","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1238709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014057","reference_id":"2014057","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014057"},{"reference_url":"https://security.archlinux.org/ASA-202110-4","reference_id":"ASA-202110-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-4"},{"reference_url":"https://security.archlinux.org/AVG-2460","reference_id":"AVG-2460","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2460"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22959","reference_id":"CVE-2021-22959","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22959"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-22959"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwyr-ac4e-dqfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78661?format=json","vulnerability_id":"VCID-hnjv-fp2r-vqfq","summary":"Node.js: insecure loading of ICU data through ICU_DATA environment variable","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23920","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26656","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26505","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26699","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26485","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26553","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26602","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26608","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26562","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834","reference_id":"1031834","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2172217","reference_id":"2172217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2172217"},{"reference_url":"https://www.debian.org/security/2023/dsa-5395","reference_id":"dsa-5395","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/"}],"url":"https://www.debian.org/security/2023/dsa-5395"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/","reference_id":"february-2023-security-releases","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/"}],"url":"https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0008/","reference_id":"ntap-20230316-0008","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1533","reference_id":"RHSA-2023:1533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1582","reference_id":"RHSA-2023:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1583","reference_id":"RHSA-2023:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1742","reference_id":"RHSA-2023:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1743","reference_id":"RHSA-2023:1743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1744","reference_id":"RHSA-2023:1744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2654","reference_id":"RHSA-2023:2654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2655","reference_id":"RHSA-2023:2655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5533","reference_id":"RHSA-2023:5533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5533"},{"reference_url":"https://usn.ubuntu.com/6672-1/","reference_id":"USN-6672-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6672-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2023-23920"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnjv-fp2r-vqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13041?format=json","vulnerability_id":"VCID-m5ae-uc68-d3g2","summary":"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nThis advisory has been marked as a false positive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21824.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21824","reference_id":"","reference_type":"","scores":[{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66171","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71033","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71076","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71088","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71111","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71096","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.7108","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71058","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1431042","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1431042"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220325-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220325-0007/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220729-0004/"},{"reference_url":"https://www.debian.org/security/2022/dsa-5170","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5170"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177","reference_id":"1004177","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040862","reference_id":"2040862","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040862"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21824","reference_id":"CVE-2022-21824","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21824"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7044","reference_id":"RHSA-2022:7044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7830","reference_id":"RHSA-2022:7830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9073","reference_id":"RHSA-2022:9073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1742","reference_id":"RHSA-2023:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3742","reference_id":"RHSA-2023:3742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2022-21824"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ae-uc68-d3g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62480?format=json","vulnerability_id":"VCID-m7rw-arzq-jba1","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43548","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68402","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68447","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68422","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68398","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68449","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68466","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68492","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.6848","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518","reference_id":"1023518","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140911","reference_id":"2140911","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140911"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/","reference_id":"november-2022-security-releases","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/"}],"url":"https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230120-0004/","reference_id":"ntap-20230120-0004","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230120-0004/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230427-0007/","reference_id":"ntap-20230427-0007","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-24T14:03:01Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230427-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8832","reference_id":"RHSA-2022:8832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8833","reference_id":"RHSA-2022:8833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9073","reference_id":"RHSA-2022:9073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0050","reference_id":"RHSA-2023:0050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0321","reference_id":"RHSA-2023:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0612","reference_id":"RHSA-2023:0612","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0612"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1533","reference_id":"RHSA-2023:1533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1742","reference_id":"RHSA-2023:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1742"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2022-43548"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7rw-arzq-jba1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62474?format=json","vulnerability_id":"VCID-ms5y-gp7v-2qay","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44533.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44533","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61846","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6195","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61969","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62008","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61997","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61977","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177","reference_id":"1004177","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040856","reference_id":"2040856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040856"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7044","reference_id":"RHSA-2022:7044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7830","reference_id":"RHSA-2022:7830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9073","reference_id":"RHSA-2022:9073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1742","reference_id":"RHSA-2023:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3742","reference_id":"RHSA-2023:3742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-44533"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5y-gp7v-2qay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48670?format=json","vulnerability_id":"VCID-n91z-kugd-ebb5","summary":"Multiple vulnerabilities have been found in NodeJS, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8201","reference_id":"","reference_type":"","scores":[{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70267","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70297","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70273","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70342","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70328","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8201"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879311","reference_id":"1879311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879311"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4272","reference_id":"RHSA-2020:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4903","reference_id":"RHSA-2020:4903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5086","reference_id":"RHSA-2020:5086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5086"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2020-8201"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n91z-kugd-ebb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37580?format=json","vulnerability_id":"VCID-nenk-4cgd-fugv","summary":"Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27983.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27983","reference_id":"","reference_type":"","scores":[{"value":"0.75933","scoring_system":"epss","scoring_elements":"0.98915","published_at":"2026-04-13T12:55:00Z"},{"value":"0.75933","scoring_system":"epss","scoring_elements":"0.98907","published_at":"2026-04-02T12:55:00Z"},{"value":"0.75933","scoring_system":"epss","scoring_elements":"0.98909","published_at":"2026-04-04T12:55:00Z"},{"value":"0.75933","scoring_system":"epss","scoring_elements":"0.98911","published_at":"2026-04-07T12:55:00Z"},{"value":"0.75933","scoring_system":"epss","scoring_elements":"0.98912","published_at":"2026-04-09T12:55:00Z"},{"value":"0.75933","scoring_system":"epss","scoring_elements":"0.98914","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27983"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27983"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347","reference_id":"1068347","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272764","reference_id":"2272764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272764"},{"reference_url":"https://hackerone.com/reports/2319584","reference_id":"2319584","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/"}],"url":"https://hackerone.com/reports/2319584"},{"reference_url":"https://security.archlinux.org/AVG-2852","reference_id":"AVG-2852","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2852"},{"reference_url":"https://security.archlinux.org/AVG-2853","reference_id":"AVG-2853","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2853"},{"reference_url":"https://security.gentoo.org/glsa/202505-11","reference_id":"GLSA-202505-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-11"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/","reference_id":"JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240510-0002/","reference_id":"ntap-20240510-0002","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240510-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2778","reference_id":"RHSA-2024:2778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2779","reference_id":"RHSA-2024:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2780","reference_id":"RHSA-2024:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2853","reference_id":"RHSA-2024:2853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2910","reference_id":"RHSA-2024:2910","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2937","reference_id":"RHSA-2024:2937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3472","reference_id":"RHSA-2024:3472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3544","reference_id":"RHSA-2024:3544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3545","reference_id":"RHSA-2024:3545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3553","reference_id":"RHSA-2024:3553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4353","reference_id":"RHSA-2024:4353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4824","reference_id":"RHSA-2024:4824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4824"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/","reference_id":"YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T19:14:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2024-27983"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nenk-4cgd-fugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62472?format=json","vulnerability_id":"VCID-pqnn-ers1-3fec","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22884","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5038","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50507","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50484","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50436","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50465","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50472","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932024","reference_id":"1932024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932024"},{"reference_url":"https://security.archlinux.org/AVG-1604","reference_id":"AVG-1604","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1604"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0734","reference_id":"RHSA-2021:0734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0735","reference_id":"RHSA-2021:0735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0738","reference_id":"RHSA-2021:0738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0739","reference_id":"RHSA-2021:0739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0740","reference_id":"RHSA-2021:0740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0741","reference_id":"RHSA-2021:0741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0744","reference_id":"RHSA-2021:0744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0827","reference_id":"RHSA-2021:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0830","reference_id":"RHSA-2021:0830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0831","reference_id":"RHSA-2021:0831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0831"},{"reference_url":"https://usn.ubuntu.com/6418-1/","reference_id":"USN-6418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-22884"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqnn-ers1-3fec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62471?format=json","vulnerability_id":"VCID-q8th-849w-bfhp","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22883","reference_id":"","reference_type":"","scores":[{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99548","published_at":"2026-04-13T12:55:00Z"},{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99546","published_at":"2026-04-11T12:55:00Z"},{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99547","published_at":"2026-04-12T12:55:00Z"},{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99545","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932014","reference_id":"1932014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932014"},{"reference_url":"https://security.archlinux.org/AVG-1604","reference_id":"AVG-1604","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1604"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0734","reference_id":"RHSA-2021:0734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0735","reference_id":"RHSA-2021:0735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0738","reference_id":"RHSA-2021:0738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0739","reference_id":"RHSA-2021:0739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0740","reference_id":"RHSA-2021:0740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0741","reference_id":"RHSA-2021:0741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0744","reference_id":"RHSA-2021:0744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0827","reference_id":"RHSA-2021:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0830","reference_id":"RHSA-2021:0830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0831","reference_id":"RHSA-2021:0831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0831"},{"reference_url":"https://usn.ubuntu.com/6418-1/","reference_id":"USN-6418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-22883"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8th-849w-bfhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11473?format=json","vulnerability_id":"VCID-tnhd-rr89-9udh","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22960","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45642","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45721","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45733","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45751","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45709","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45729","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45677","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1238099","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1238099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014059","reference_id":"2014059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014059"},{"reference_url":"https://security.archlinux.org/ASA-202110-4","reference_id":"ASA-202110-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-4"},{"reference_url":"https://security.archlinux.org/AVG-2460","reference_id":"AVG-2460","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2460"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22960","reference_id":"CVE-2021-22960","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22960"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-22960"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnhd-rr89-9udh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37562?format=json","vulnerability_id":"VCID-vkvx-gxbu-3uau","summary":"Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22019","reference_id":"","reference_type":"","scores":[{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.5949","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.5945","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59475","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59442","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59493","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59506","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59525","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59509","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055","reference_id":"1064055","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055"},{"reference_url":"https://hackerone.com/reports/2233486","reference_id":"2233486","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/"}],"url":"https://hackerone.com/reports/2233486"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264574","reference_id":"2264574","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264574"},{"reference_url":"https://security.gentoo.org/glsa/202505-11","reference_id":"GLSA-202505-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-11"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240315-0004/","reference_id":"ntap-20240315-0004","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T21:15:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240315-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1354","reference_id":"RHSA-2024:1354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1424","reference_id":"RHSA-2024:1424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1438","reference_id":"RHSA-2024:1438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1444","reference_id":"RHSA-2024:1444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1503","reference_id":"RHSA-2024:1503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1510","reference_id":"RHSA-2024:1510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1678","reference_id":"RHSA-2024:1678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1687","reference_id":"RHSA-2024:1687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1688","reference_id":"RHSA-2024:1688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1880","reference_id":"RHSA-2024:1880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1932","reference_id":"RHSA-2024:1932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2651","reference_id":"RHSA-2024:2651","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2651"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2793","reference_id":"RHSA-2024:2793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2024-22019"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vkvx-gxbu-3uau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31261?format=json","vulnerability_id":"VCID-wf5t-3pwz-c7d7","summary":"Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23085.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23085","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37404","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3744","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37452","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37466","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37431","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38175","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38197","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134","reference_id":"1094134","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094134"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342618","reference_id":"2342618","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342618"},{"reference_url":"https://security.gentoo.org/glsa/202506-08","reference_id":"GLSA-202506-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-08"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/january-2025-security-releases","reference_id":"january-2025-security-releases","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:50:24Z/"}],"url":"https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1351","reference_id":"RHSA-2025:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1443","reference_id":"RHSA-2025:1443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1446","reference_id":"RHSA-2025:1446","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1446"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1582","reference_id":"RHSA-2025:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1611","reference_id":"RHSA-2025:1611","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1611"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1613","reference_id":"RHSA-2025:1613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1613"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994766?format=json","purl":"pkg:deb/debian/nodejs@20.19.2%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@20.19.2%252Bdfsg-1"}],"aliases":["CVE-2025-23085"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wf5t-3pwz-c7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62476?format=json","vulnerability_id":"VCID-wzcw-dd7m-zkaz","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32215","reference_id":"","reference_type":"","scores":[{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.99508","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.9951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.99513","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.99511","published_at":"2026-04-07T12:55:00Z"},{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.99512","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1501679","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1501679"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105426","reference_id":"2105426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32215","reference_id":"CVE-2022-32215","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32215"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2022-32215"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcw-dd7m-zkaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62478?format=json","vulnerability_id":"VCID-xnzh-wpd4-63f9","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35255","reference_id":"","reference_type":"","scores":[{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.78868","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.78841","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.78851","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.78829","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.78812","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.78838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.78844","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01191","scoring_system":"epss","scoring_elements":"0.788","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1690000","reference_id":"1690000","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/"}],"url":"https://hackerone.com/reports/1690000"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2130517","reference_id":"2130517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2130517"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230113-0002/","reference_id":"ntap-20230113-0002","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230113-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6963","reference_id":"RHSA-2022:6963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6964","reference_id":"RHSA-2022:6964","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7821","reference_id":"RHSA-2022:7821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7821"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2022-35255"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xnzh-wpd4-63f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48673?format=json","vulnerability_id":"VCID-zj4d-e8r7-ufg3","summary":"Multiple vulnerabilities have been found in NodeJS, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8287","reference_id":"","reference_type":"","scores":[{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93694","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93732","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93726","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93727","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93714","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93717","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690","reference_id":"1016690","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912863","reference_id":"1912863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912863"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364","reference_id":"979364","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364"},{"reference_url":"https://security.archlinux.org/ASA-202101-16","reference_id":"ASA-202101-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-16"},{"reference_url":"https://security.archlinux.org/AVG-1400","reference_id":"AVG-1400","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/5563-1/","reference_id":"USN-5563-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5563-1/"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2020-8287"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zj4d-e8r7-ufg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18167?format=json","vulnerability_id":"VCID-zstw-3wmu-u3c8","summary":"llhttp vulnerable to HTTP request smuggling\nThe llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).\n\nThe CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30589.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30589","reference_id":"","reference_type":"","scores":[{"value":"0.01916","scoring_system":"epss","scoring_elements":"0.83313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01916","scoring_system":"epss","scoring_elements":"0.83317","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01916","scoring_system":"epss","scoring_elements":"0.83261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01916","scoring_system":"epss","scoring_elements":"0.83276","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01916","scoring_system":"epss","scoring_elements":"0.83275","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01916","scoring_system":"epss","scoring_elements":"0.83299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01916","scoring_system":"epss","scoring_elements":"0.83323","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01916","scoring_system":"epss","scoring_elements":"0.83308","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30589"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/llhttp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/llhttp"},{"reference_url":"https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/llhttp/releases/tag/release%2Fv8.1.1"},{"reference_url":"https://hackerone.com/reports/2001873","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/2001873"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCVG4TQRGTK4LKAZKVEQAUEJM7DUACYE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230803-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230803-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990","reference_id":"1039990","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219841","reference_id":"2219841","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219841"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30589","reference_id":"CVE-2023-30589","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30589"},{"reference_url":"https://github.com/advisories/GHSA-cggh-pq45-6h9x","reference_id":"GHSA-cggh-pq45-6h9x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cggh-pq45-6h9x"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4330","reference_id":"RHSA-2023:4330","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4331","reference_id":"RHSA-2023:4331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4536","reference_id":"RHSA-2023:4536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4537","reference_id":"RHSA-2023:4537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5361","reference_id":"RHSA-2023:5361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5533","reference_id":"RHSA-2023:5533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5533"},{"reference_url":"https://usn.ubuntu.com/6735-1/","reference_id":"USN-6735-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6735-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994761?format=json","purl":"pkg:deb/debian/nodejs@18.20.4%2Bdfsg-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-xkpz-pb5y-jqcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@18.20.4%252Bdfsg-1~deb12u1"}],"aliases":["CVE-2023-30589","GHSA-cggh-pq45-6h9x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zstw-3wmu-u3c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48672?format=json","vulnerability_id":"VCID-ztt4-vnk7-7ycq","summary":"Multiple vulnerabilities have been found in NodeJS, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8265","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73197","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73276","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73255","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73207","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73228","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73201","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73238","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73251","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912854","reference_id":"1912854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912854"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364","reference_id":"979364","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364"},{"reference_url":"https://security.archlinux.org/ASA-202101-16","reference_id":"ASA-202101-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-16"},{"reference_url":"https://security.archlinux.org/AVG-1400","reference_id":"AVG-1400","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2020-8265"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztt4-vnk7-7ycq"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81223?format=json","vulnerability_id":"VCID-17k5-vadp-4kby","summary":"nghttp2: overly large SETTINGS frames can lead to DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11080","reference_id":"","reference_type":"","scores":[{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72949","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72893","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72922","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72934","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72948","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72973","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00741","scoring_system":"epss","scoring_elements":"0.72955","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1844929","reference_id":"1844929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1844929"},{"reference_url":"https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090","reference_id":"336a98feb0d56b9ac54e12736b18785c27f75090","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145","reference_id":"962145","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/","reference_id":"AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4696","reference_id":"dsa-4696","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://www.debian.org/security/2020/dsa-4696"},{"reference_url":"https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394","reference_id":"f8da73bd042f810f34d19f9eae02b46d870af394","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394"},{"reference_url":"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr","reference_id":"GHSA-q5wr-xfw9-q7xr","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2523","reference_id":"RHSA-2020:2523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2524","reference_id":"RHSA-2020:2524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2755","reference_id":"RHSA-2020:2755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2784","reference_id":"RHSA-2020:2784","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2784"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2823","reference_id":"RHSA-2020:2823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2847","reference_id":"RHSA-2020:2847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2848","reference_id":"RHSA-2020:2848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2849","reference_id":"RHSA-2020:2849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2850","reference_id":"RHSA-2020:2850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2852","reference_id":"RHSA-2020:2852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2895","reference_id":"RHSA-2020:2895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3042","reference_id":"RHSA-2020:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3084","reference_id":"RHSA-2020:3084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3084"},{"reference_url":"https://usn.ubuntu.com/6142-1/","reference_id":"USN-6142-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6142-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2020-11080"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17k5-vadp-4kby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57383?format=json","vulnerability_id":"VCID-1bhj-vafz-4ya8","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12122","reference_id":"","reference_type":"","scores":[{"value":"0.02716","scoring_system":"epss","scoring_elements":"0.85924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02716","scoring_system":"epss","scoring_elements":"0.85929","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03643","scoring_system":"epss","scoring_elements":"0.87866","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.9019","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90195","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90211","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90217","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90175","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90178","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661005","reference_id":"1661005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661005"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-12122"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bhj-vafz-4ya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57385?format=json","vulnerability_id":"VCID-3vdn-6af1-k3g6","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7161","reference_id":"","reference_type":"","scores":[{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.779","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77957","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77948","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77975","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77959","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77907","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77934","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77917","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77944","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7161"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"},{"reference_url":"https://security.gentoo.org/glsa/202003-48","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-48"},{"reference_url":"http://www.securityfocus.com/bid/106363","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591013","reference_id":"1591013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591013"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7161","reference_id":"CVE-2018-7161","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2949","reference_id":"RHSA-2018:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-7161"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3vdn-6af1-k3g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57389?format=json","vulnerability_id":"VCID-4dhf-bpv6-a3e1","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15604.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15604","reference_id":"","reference_type":"","scores":[{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87611","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87636","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87673","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87669","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03533","scoring_system":"epss","scoring_elements":"0.87666","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800367","reference_id":"1800367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0598","reference_id":"RHSA-2020:0598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0598"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2019-15604"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dhf-bpv6-a3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57387?format=json","vulnerability_id":"VCID-4khc-2nz3-ckhr","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7164","reference_id":"","reference_type":"","scores":[{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77708","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77785","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77769","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77715","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77742","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77725","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77753","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77758","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7164"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"},{"reference_url":"https://security.gentoo.org/glsa/202003-48","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-48"},{"reference_url":"http://www.securityfocus.com/bid/104463","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104463"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591023","reference_id":"1591023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591023"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7164","reference_id":"CVE-2018-7164","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-7164"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4khc-2nz3-ckhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45?format=json","vulnerability_id":"VCID-9hzg-r1fj-pubf","summary":"Excessive CPU usage in HTTP/2 with priority changes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513","reference_id":"","reference_type":"","scores":[{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91201","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.9125","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91215","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741","reference_id":"1735741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513","reference_id":"CVE-2019-9513","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2019-9513"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57393?format=json","vulnerability_id":"VCID-9tvd-qsp8-byfx","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5739","reference_id":"","reference_type":"","scores":[{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54291","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54372","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54363","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54412","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54394","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54311","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54341","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54316","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54368","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5739"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"},{"reference_url":"https://security.gentoo.org/glsa/202003-48","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-48"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190502-0008/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190502-0008/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690798","reference_id":"1690798","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690798"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5739","reference_id":"CVE-2019-5739","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2019-5739"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tvd-qsp8-byfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57384?format=json","vulnerability_id":"VCID-9v22-ened-4bg2","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12123","reference_id":"","reference_type":"","scores":[{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89169","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89192","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89202","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89198","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89195","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661010","reference_id":"1661010","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661010"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-12123"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v22-ened-4bg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25?format=json","vulnerability_id":"VCID-dmv4-ydq9-a7eq","summary":"Excessive CPU usage in HTTP/2 with small window updates","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511","reference_id":"","reference_type":"","scores":[{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94283","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94313","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94292","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860","reference_id":"1741860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511","reference_id":"CVE-2019-9511","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2019-9511"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57381?format=json","vulnerability_id":"VCID-f7ch-ze7a-d7gr","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12116","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69917","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69929","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69922","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.6997","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.7001","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69995","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69981","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1660998","reference_id":"1660998","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1660998"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-12116"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7ch-ze7a-d7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82978?format=json","vulnerability_id":"VCID-h8gu-1htb-u3fg","summary":"nodejs: Debugger port 5858 listens on any interface by default","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12120.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12120","reference_id":"","reference_type":"","scores":[{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.61938","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.6201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62041","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62059","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62077","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62098","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62087","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62066","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12120"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661016","reference_id":"1661016","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661016"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-12120"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8gu-1htb-u3fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84192?format=json","vulnerability_id":"VCID-hu7c-gc8f-q3cm","summary":"nodejs: Constant Hashtable Seeds vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11499.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11499.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11499","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59252","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59362","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59396","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.5938","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59326","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59349","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59364","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59377","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11499"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1475327","reference_id":"1475327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1475327"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162","reference_id":"868162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2908","reference_id":"RHSA-2017:2908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2908"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3002","reference_id":"RHSA-2017:3002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3002"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2017-11499"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hu7c-gc8f-q3cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57390?format=json","vulnerability_id":"VCID-ke6j-fgys-gyga","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15605","reference_id":"","reference_type":"","scores":[{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96807","published_at":"2026-04-01T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.9682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96828","published_at":"2026-04-08T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.9683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96832","published_at":"2026-04-12T12:55:00Z"},{"value":"0.32252","scoring_system":"epss","scoring_elements":"0.96834","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800364","reference_id":"1800364","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800364"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467","reference_id":"977467","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0598","reference_id":"RHSA-2020:0598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0703","reference_id":"RHSA-2020:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0707","reference_id":"RHSA-2020:0707","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0707"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0708","reference_id":"RHSA-2020:0708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1510","reference_id":"RHSA-2020:1510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1510"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2019-15605"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ke6j-fgys-gyga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55688?format=json","vulnerability_id":"VCID-n66u-b73u-zucb","summary":"golang.org/x/net/http vulnerable to a reset flood\nSome HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.\n\n### Specific Go Packages Affected\ngolang.org/x/net/http2","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2594","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2661","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2682","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2690","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2726","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2766","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2769","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2796","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2861","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2925","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2939","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2955","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2966","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3131","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3245","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3265","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3892","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3906","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4018","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4019","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4021","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4040","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4041","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4042","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4045","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4269","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4273","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4352","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0406","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0727","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9514","reference_id":"","reference_type":"","scores":[{"value":"0.09483","scoring_system":"epss","scoring_elements":"0.92825","published_at":"2026-04-12T12:55:00Z"},{"value":"0.09483","scoring_system":"epss","scoring_elements":"0.92799","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09483","scoring_system":"epss","scoring_elements":"0.92806","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09483","scoring_system":"epss","scoring_elements":"0.9281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09483","scoring_system":"epss","scoring_elements":"0.92809","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09483","scoring_system":"epss","scoring_elements":"0.92818","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09483","scoring_system":"epss","scoring_elements":"0.92822","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09483","scoring_system":"epss","scoring_elements":"0.92826","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Aug/16","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Aug/16"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"},{"reference_url":"https://go.dev/cl/190137","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/190137"},{"reference_url":"https://go.dev/issue/33606","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/33606"},{"reference_url":"https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5"},{"reference_url":"https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ"},{"reference_url":"https://kb.cert.org/vuls/id/605641","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.cert.org/vuls/id/605641"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296"},{"reference_url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9514","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9514"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0536","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0536"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/24"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/31"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/43"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Sep/18"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0005"},{"reference_url":"https://support.f5.com/csp/article/K01988340","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K01988340"},{"reference_url":"https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp;utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp;utm_medium=RSS"},{"reference_url":"https://usn.ubuntu.com/4308-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4308-1"},{"reference_url":"https://www.debian.org/security/2019/dsa-4503","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4503"},{"reference_url":"https://www.debian.org/security/2019/dsa-4508","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4508"},{"reference_url":"https://www.debian.org/security/2019/dsa-4520","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4520"},{"reference_url":"https://www.debian.org/security/2020/dsa-4669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4669"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_33"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/08/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/18/8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/10/18/8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667","reference_id":"1062667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735744","reference_id":"1735744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735744"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886","reference_id":"934886","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887","reference_id":"934887","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887"},{"reference_url":"https://security.archlinux.org/ASA-201908-15","reference_id":"ASA-201908-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-15"},{"reference_url":"https://security.archlinux.org/AVG-1021","reference_id":"AVG-1021","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2817","reference_id":"RHSA-2019:2817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/USN-4866-1/","reference_id":"USN-USN-4866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2019-9514","GHSA-39qc-96h7-956f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n66u-b73u-zucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83609?format=json","vulnerability_id":"VCID-nkas-113k-wkbu","summary":"nodejs: HTTP parser allowed for spaces inside Content-Length header values","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7159.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7159","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69108","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69174","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69195","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69217","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69202","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69124","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69145","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69126","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69176","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"},{"reference_url":"https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K27228191?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561981","reference_id":"1561981","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561981"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7159","reference_id":"CVE-2018-7159","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2949","reference_id":"RHSA-2018:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2258","reference_id":"RHSA-2019:2258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-7159"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkas-113k-wkbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62472?format=json","vulnerability_id":"VCID-pqnn-ers1-3fec","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22884","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5038","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50507","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50484","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50436","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50465","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50472","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932024","reference_id":"1932024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932024"},{"reference_url":"https://security.archlinux.org/AVG-1604","reference_id":"AVG-1604","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1604"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0734","reference_id":"RHSA-2021:0734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0735","reference_id":"RHSA-2021:0735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0738","reference_id":"RHSA-2021:0738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0739","reference_id":"RHSA-2021:0739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0740","reference_id":"RHSA-2021:0740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0741","reference_id":"RHSA-2021:0741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0744","reference_id":"RHSA-2021:0744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0827","reference_id":"RHSA-2021:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0830","reference_id":"RHSA-2021:0830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0831","reference_id":"RHSA-2021:0831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0831"},{"reference_url":"https://usn.ubuntu.com/6418-1/","reference_id":"USN-6418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-22884"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqnn-ers1-3fec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62471?format=json","vulnerability_id":"VCID-q8th-849w-bfhp","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22883","reference_id":"","reference_type":"","scores":[{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99548","published_at":"2026-04-13T12:55:00Z"},{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99546","published_at":"2026-04-11T12:55:00Z"},{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99547","published_at":"2026-04-12T12:55:00Z"},{"value":"0.89427","scoring_system":"epss","scoring_elements":"0.99545","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932014","reference_id":"1932014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932014"},{"reference_url":"https://security.archlinux.org/AVG-1604","reference_id":"AVG-1604","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1604"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0734","reference_id":"RHSA-2021:0734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0735","reference_id":"RHSA-2021:0735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0738","reference_id":"RHSA-2021:0738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0739","reference_id":"RHSA-2021:0739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0740","reference_id":"RHSA-2021:0740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0741","reference_id":"RHSA-2021:0741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0744","reference_id":"RHSA-2021:0744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0827","reference_id":"RHSA-2021:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0830","reference_id":"RHSA-2021:0830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0831","reference_id":"RHSA-2021:0831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0831"},{"reference_url":"https://usn.ubuntu.com/6418-1/","reference_id":"USN-6418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2021-22883"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8th-849w-bfhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57386?format=json","vulnerability_id":"VCID-r8jj-tkxd-5qg8","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7162","reference_id":"","reference_type":"","scores":[{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77114","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77175","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.772","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77179","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.7712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77149","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77131","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77164","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77173","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7162"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"},{"reference_url":"https://security.gentoo.org/glsa/202003-48","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-48"},{"reference_url":"http://www.securityfocus.com/bid/104468","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104468"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591018","reference_id":"1591018","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591018"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7162","reference_id":"CVE-2018-7162","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7162"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-7162"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8jj-tkxd-5qg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57388?format=json","vulnerability_id":"VCID-rhxy-h93e-y3d4","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7167","reference_id":"","reference_type":"","scores":[{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73255","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73262","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74239","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74244","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74271","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74277","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74292","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"},{"reference_url":"https://security.gentoo.org/glsa/202003-48","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-48"},{"reference_url":"http://www.securityfocus.com/bid/106363","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591006","reference_id":"1591006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591006"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7167","reference_id":"CVE-2018-7167","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2949","reference_id":"RHSA-2018:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2949"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-7167"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhxy-h93e-y3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57380?format=json","vulnerability_id":"VCID-tqg7-dw5d-z3et","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12115","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73956","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73963","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73959","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73993","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74029","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74004","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1620219","reference_id":"1620219","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1620219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2552","reference_id":"RHSA-2018:2552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2553","reference_id":"RHSA-2018:2553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2944","reference_id":"RHSA-2018:2944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2949","reference_id":"RHSA-2018:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2949"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-12115"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tqg7-dw5d-z3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14481?format=json","vulnerability_id":"VCID-u8pe-48f4-abc9","summary":"Authentication Bypass by Spoofing\nThe Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7160","reference_id":"","reference_type":"","scores":[{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.8114","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.81147","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.8116","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.81142","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.81075","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.81108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.81109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.81084","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01501","scoring_system":"epss","scoring_elements":"0.81136","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"},{"reference_url":"https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp;utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp;utm_medium=RSS"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561979","reference_id":"1561979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561979"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7160","reference_id":"CVE-2018-7160","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7160"},{"reference_url":"https://github.com/advisories/GHSA-wq4c-wm6x-jw44","reference_id":"GHSA-wq4c-wm6x-jw44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq4c-wm6x-jw44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2949","reference_id":"RHSA-2018:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2949"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-7160","GHSA-wq4c-wm6x-jw44"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8pe-48f4-abc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57392?format=json","vulnerability_id":"VCID-us11-vy4j-pfd2","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1821","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1821"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5737","reference_id":"","reference_type":"","scores":[{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96272","published_at":"2026-04-01T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.9631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.963","published_at":"2026-04-08T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96303","published_at":"2026-04-09T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96307","published_at":"2026-04-12T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96287","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96291","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"},{"reference_url":"https://security.gentoo.org/glsa/202003-48","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-48"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190502-0008/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190502-0008/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690808","reference_id":"1690808","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690808"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5737","reference_id":"CVE-2019-5737","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5737"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2019-5737"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-us11-vy4j-pfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83608?format=json","vulnerability_id":"VCID-usab-z8q8-7qd8","summary":"nodejs: path module regular expression denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7158.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7158","reference_id":"","reference_type":"","scores":[{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79394","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79443","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79447","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.7947","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79424","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79411","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01264","scoring_system":"epss","scoring_elements":"0.79438","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561980","reference_id":"1561980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561980"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7158","reference_id":"CVE-2018-7158","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7158"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-7158"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-usab-z8q8-7qd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57391?format=json","vulnerability_id":"VCID-wpfq-sq11-fqa9","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15606.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15606","reference_id":"","reference_type":"","scores":[{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.79948","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.79955","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.79976","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.79965","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.79993","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.80002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.80022","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.80006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01338","scoring_system":"epss","scoring_elements":"0.79998","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800366","reference_id":"1800366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0598","reference_id":"RHSA-2020:0598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0598"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2019-15606"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpfq-sq11-fqa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48668?format=json","vulnerability_id":"VCID-xeay-8ec9-4bdd","summary":"Multiple vulnerabilities have been found in NodeJS, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8174","reference_id":"","reference_type":"","scores":[{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.80994","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.81003","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.81027","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.81025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.81053","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.8106","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.81078","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.81064","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01491","scoring_system":"epss","scoring_elements":"0.81056","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8174"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1845256","reference_id":"1845256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1845256"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145","reference_id":"962145","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2847","reference_id":"RHSA-2020:2847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2848","reference_id":"RHSA-2020:2848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2849","reference_id":"RHSA-2020:2849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2852","reference_id":"RHSA-2020:2852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2895","reference_id":"RHSA-2020:2895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3042","reference_id":"RHSA-2020:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3084","reference_id":"RHSA-2020:3084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3084"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2020-8174"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xeay-8ec9-4bdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48673?format=json","vulnerability_id":"VCID-zj4d-e8r7-ufg3","summary":"Multiple vulnerabilities have been found in NodeJS, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8287","reference_id":"","reference_type":"","scores":[{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93694","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93732","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93726","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93727","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93714","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93717","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690","reference_id":"1016690","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912863","reference_id":"1912863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912863"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364","reference_id":"979364","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364"},{"reference_url":"https://security.archlinux.org/ASA-202101-16","reference_id":"ASA-202101-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-16"},{"reference_url":"https://security.archlinux.org/AVG-1400","reference_id":"AVG-1400","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/5563-1/","reference_id":"USN-5563-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5563-1/"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2020-8287"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zj4d-e8r7-ufg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57382?format=json","vulnerability_id":"VCID-zrbm-htvv-eke9","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12121","reference_id":"","reference_type":"","scores":[{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92321","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92334","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92338","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92349","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92354","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92359","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92361","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661002","reference_id":"1661002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2258","reference_id":"RHSA-2019:2258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3497","reference_id":"RHSA-2019:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}],"aliases":["CVE-2018-12121"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrbm-htvv-eke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48672?format=json","vulnerability_id":"VCID-ztt4-vnk7-7ycq","summary":"Multiple vulnerabilities have been found in NodeJS, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8265","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73197","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73276","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73255","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73207","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73228","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73201","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73238","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73251","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912854","reference_id":"1912854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912854"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364","reference_id":"979364","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364"},{"reference_url":"https://security.archlinux.org/ASA-202101-16","reference_id":"ASA-202101-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-16"},{"reference_url":"https://security.archlinux.org/AVG-1400","reference_id":"AVG-1400","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038014?format=json","purl":"pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-53xm-8w84-93cx"},{"vulnerability":"VCID-5cf7-va9h-h3gy"},{"vulnerability":"VCID-7tpb-9zrz-e7e1"},{"vulnerability":"VCID-8c4g-fjsa-nkhw"},{"vulnerability":"VCID-9g7s-y7nq-xfbb"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-b54b-pd2b-bygm"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dfdy-vhdd-5kh4"},{"vulnerability":"VCID-e18p-c3m9-2qgy"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-gwyr-ac4e-dqfa"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m5ae-uc68-d3g2"},{"vulnerability":"VCID-m7rw-arzq-jba1"},{"vulnerability":"VCID-ms5y-gp7v-2qay"},{"vulnerability":"VCID-n91z-kugd-ebb5"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-pqnn-ers1-3fec"},{"vulnerability":"VCID-q8th-849w-bfhp"},{"vulnerability":"VCID-tnhd-rr89-9udh"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-wzcw-dd7m-zkaz"},{"vulnerability":"VCID-xnzh-wpd4-63f9"},{"vulnerability":"VCID-zj4d-e8r7-ufg3"},{"vulnerability":"VCID-zstw-3wmu-u3c8"},{"vulnerability":"VCID-ztt4-vnk7-7ycq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994760?format=json","purl":"pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vp3-fzdr-yqbm"},{"vulnerability":"VCID-2t7c-dju9-pff6"},{"vulnerability":"VCID-2z1f-7jkw-17av"},{"vulnerability":"VCID-38k9-23j3-eqh7"},{"vulnerability":"VCID-43sf-4r41-wugc"},{"vulnerability":"VCID-96yh-1wub-zucg"},{"vulnerability":"VCID-98fy-tedc-ube7"},{"vulnerability":"VCID-9yq7-aba3-c7c3"},{"vulnerability":"VCID-bjza-25hu-vkad"},{"vulnerability":"VCID-bx67-aud6-b3fa"},{"vulnerability":"VCID-c8xz-v6h3-6ueb"},{"vulnerability":"VCID-dgkh-jdah-wfh9"},{"vulnerability":"VCID-dt7u-3usg-9uet"},{"vulnerability":"VCID-e6gj-fe31-kkh5"},{"vulnerability":"VCID-e7u5-356v-jbg7"},{"vulnerability":"VCID-kj75-vmwa-gqgq"},{"vulnerability":"VCID-nenk-4cgd-fugv"},{"vulnerability":"VCID-sag8-repb-g3f4"},{"vulnerability":"VCID-twc8-ewm7-wkb1"},{"vulnerability":"VCID-u8bq-8jp4-jkem"},{"vulnerability":"VCID-v7uy-445x-tuan"},{"vulnerability":"VCID-vkvx-gxbu-3uau"},{"vulnerability":"VCID-wf5t-3pwz-c7d7"},{"vulnerability":"VCID-x1an-pjq4-nbby"},{"vulnerability":"VCID-zstw-3wmu-u3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@12.22.12~dfsg-1~deb11u4"}],"aliases":["CVE-2020-8265"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztt4-vnk7-7ycq"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nodejs@10.24.0~dfsg-1~deb10u1"}