{"url":"http://public2.vulnerablecode.io/api/packages/106748?format=json","purl":"pkg:rpm/redhat/rh-nodejs8-nodejs@8.16.0-1?arch=el7","type":"rpm","namespace":"redhat","name":"rh-nodejs8-nodejs","version":"8.16.0-1","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57383?format=json","vulnerability_id":"VCID-1bhj-vafz-4ya8","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12122","reference_id":"","reference_type":"","scores":[{"value":"0.02342","scoring_system":"epss","scoring_elements":"0.84983","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02342","scoring_system":"epss","scoring_elements":"0.8489","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02342","scoring_system":"epss","scoring_elements":"0.84887","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02342","scoring_system":"epss","scoring_elements":"0.84914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02342","scoring_system":"epss","scoring_elements":"0.84923","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02342","scoring_system":"epss","scoring_elements":"0.8494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02342","scoring_system":"epss","scoring_elements":"0.84964","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02716","scoring_system":"epss","scoring_elements":"0.85924","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02716","scoring_system":"epss","scoring_elements":"0.85943","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02716","scoring_system":"epss","scoring_elements":"0.85929","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03643","scoring_system":"epss","scoring_elements":"0.87866","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90195","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90211","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90217","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90175","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.90178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0549","scoring_system":"epss","scoring_elements":"0.9019","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661005","reference_id":"1661005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661005"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[],"aliases":["CVE-2018-12122"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bhj-vafz-4ya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57384?format=json","vulnerability_id":"VCID-9v22-ened-4bg2","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12123","reference_id":"","reference_type":"","scores":[{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88415","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88354","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88353","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.8837","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88374","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88375","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88386","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88402","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89202","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89195","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89208","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89198","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89169","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04555","scoring_system":"epss","scoring_elements":"0.89192","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661010","reference_id":"1661010","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661010"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[],"aliases":["CVE-2018-12123"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v22-ened-4bg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57381?format=json","vulnerability_id":"VCID-f7ch-ze7a-d7gr","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12116","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67376","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67315","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67294","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67325","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67298","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67339","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.7001","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69995","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70024","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69917","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69987","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69929","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69922","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.6997","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1660998","reference_id":"1660998","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1660998"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[],"aliases":["CVE-2018-12116"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7ch-ze7a-d7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10617?format=json","vulnerability_id":"VCID-mr9t-dr17-w3ah","summary":"Improper Link Resolution Before File Access ('Link Following')\nA vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2).","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1821","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1821"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20834.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20834.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20834","reference_id":"","reference_type":"","scores":[{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72538","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.7254","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72533","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.7249","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72492","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72451","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.7246","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72478","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72443","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72404","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72427","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72409","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72584","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72559","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20834"},{"reference_url":"https://github.com/isaacs/node-tar","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/node-tar"},{"reference_url":"https://github.com/npm/node-tar/commit/7ecef07da6a9e72cc0c4d0c9c6a8e85b6b52395d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-tar/commit/7ecef07da6a9e72cc0c4d0c9c6a8e85b6b52395d"},{"reference_url":"https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8"},{"reference_url":"https://github.com/npm/node-tar/commits/v2.2.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-tar/commits/v2.2.2"},{"reference_url":"https://github.com/npm/node-tar/compare/58a8d43...a5f7779","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-tar/compare/58a8d43...a5f7779"},{"reference_url":"https://hackerone.com/reports/344595","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/344595"},{"reference_url":"https://www.npmjs.com/advisories/803","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702338","reference_id":"1702338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702338"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20834","reference_id":"CVE-2018-20834","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20834"},{"reference_url":"https://github.com/advisories/GHSA-j44m-qm6p-hp7m","reference_id":"GHSA-j44m-qm6p-hp7m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j44m-qm6p-hp7m"}],"fixed_packages":[],"aliases":["CVE-2018-20834","GHSA-j44m-qm6p-hp7m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mr9t-dr17-w3ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57392?format=json","vulnerability_id":"VCID-us11-vy4j-pfd2","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1821","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1821"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5737","reference_id":"","reference_type":"","scores":[{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96272","published_at":"2026-04-01T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96349","published_at":"2026-05-09T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96328","published_at":"2026-04-29T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96337","published_at":"2026-05-05T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96343","published_at":"2026-05-07T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96287","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96291","published_at":"2026-04-07T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.963","published_at":"2026-04-08T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96303","published_at":"2026-04-09T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96307","published_at":"2026-04-12T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.9631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96319","published_at":"2026-04-16T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96323","published_at":"2026-04-18T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96325","published_at":"2026-04-21T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96326","published_at":"2026-04-24T12:55:00Z"},{"value":"0.26351","scoring_system":"epss","scoring_elements":"0.96327","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5737"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"},{"reference_url":"https://security.gentoo.org/glsa/202003-48","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-48"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190502-0008/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190502-0008/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690808","reference_id":"1690808","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690808"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5737","reference_id":"CVE-2019-5737","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5737"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[],"aliases":["CVE-2019-5737"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-us11-vy4j-pfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57382?format=json","vulnerability_id":"VCID-zrbm-htvv-eke9","summary":"Multiple vulnerabilities have been found in Node.js, worst of which\n    could allow remote attackers to write arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12121","reference_id":"","reference_type":"","scores":[{"value":"0.05572","scoring_system":"epss","scoring_elements":"0.90353","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05572","scoring_system":"epss","scoring_elements":"0.90318","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05572","scoring_system":"epss","scoring_elements":"0.90315","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05572","scoring_system":"epss","scoring_elements":"0.90326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05572","scoring_system":"epss","scoring_elements":"0.90343","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05774","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05774","scoring_system":"epss","scoring_elements":"0.90496","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05774","scoring_system":"epss","scoring_elements":"0.90509","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06647","scoring_system":"epss","scoring_elements":"0.91228","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92321","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92338","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92354","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92359","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92349","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08466","scoring_system":"epss","scoring_elements":"0.92334","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661002","reference_id":"1661002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2258","reference_id":"RHSA-2019:2258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3497","reference_id":"RHSA-2019:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3497"}],"fixed_packages":[],"aliases":["CVE-2018-12121"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrbm-htvv-eke9"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs8-nodejs@8.16.0-1%3Farch=el7"}