{"url":"http://public2.vulnerablecode.io/api/packages/119276?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.19%2B~cs24.27.18-2%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"node-yarnpkg","version":"1.22.19+~cs24.27.18-2+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.0.2+dfsg-2","latest_non_vulnerable_version":"4.1.0+dfsg-6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76826?format=json","vulnerability_id":"VCID-1ksn-dehb-pfdb","summary":"yarn: yarnpkg regular expression denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9308.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9308","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09594","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.096","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09619","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09626","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09565","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9308"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2390129","reference_id":"2390129","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2390129"},{"reference_url":"https://github.com/yarnpkg/yarn/pull/9203","reference_id":"9203","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T17:24:36Z/"}],"url":"https://github.com/yarnpkg/yarn/pull/9203"},{"reference_url":"https://vuldb.com/?ctiid.320913","reference_id":"?ctiid.320913","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T17:24:36Z/"}],"url":"https://vuldb.com/?ctiid.320913"},{"reference_url":"https://vuldb.com/?id.320913","reference_id":"?id.320913","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T17:24:36Z/"}],"url":"https://vuldb.com/?id.320913"},{"reference_url":"https://vuldb.com/?submit.633486","reference_id":"?submit.633486","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T17:24:36Z/"}],"url":"https://vuldb.com/?submit.633486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119289?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.0.2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.0.2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119280?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119279?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-6%3Fdistro=trixie"}],"aliases":["CVE-2025-9308"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ksn-dehb-pfdb"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52373?format=json","vulnerability_id":"VCID-dw25-ruxr-fbgp","summary":"Time-of-check Time-of-use (TOCTOU) Race Condition\nThe package integrity validation in yarn contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15608.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15608","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64686","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64639","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.6468","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64689","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64678","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64668","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15608"},{"reference_url":"https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190"},{"reference_url":"https://github.com/yarnpkg/yarn/commit/0474b8c66a8ea298f5e4dedc67b2de464297ad1c","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yarnpkg/yarn/commit/0474b8c66a8ea298f5e4dedc67b2de464297ad1c"},{"reference_url":"https://hackerone.com/reports/703138","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/703138"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851875","reference_id":"1851875","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851875"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15608","reference_id":"CVE-2019-15608","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15608"},{"reference_url":"https://github.com/advisories/GHSA-hjxc-462x-x77j","reference_id":"GHSA-hjxc-462x-x77j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hjxc-462x-x77j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119281?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.19.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.19.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119278?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.10%2B~cs22.25.14-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"},{"vulnerability":"VCID-m42m-4cnh-7qfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.10%252B~cs22.25.14-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119276?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.19%2B~cs24.27.18-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.19%252B~cs24.27.18-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119280?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119279?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-6%3Fdistro=trixie"}],"aliases":["CVE-2019-15608","GHSA-hjxc-462x-x77j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dw25-ruxr-fbgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52087?format=json","vulnerability_id":"VCID-extp-hh35-dbdc","summary":"Improper Link Resolution Before File Access\nIn Yarn, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted \"bin\" keys. Existing files could be overwritten depending on the current user permission set.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0475","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0475"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10773.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10773","reference_id":"","reference_type":"","scores":[{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68222","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68181","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68221","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68229","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68206","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10773"},{"reference_url":"https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn"},{"reference_url":"https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/","reference_id":"","reference_type":"","scores":[],"url":"https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10773"},{"reference_url":"https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7"},{"reference_url":"https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023"},{"reference_url":"https://github.com/yarnpkg/yarn/pull/7755","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yarnpkg/yarn/pull/7755"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HIZW4NZVV5QY5WWGW2JRP3FHYKZ6ZJ5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITY5BC63CCC647DFNUQRQ5AJDKUKUNBI/"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-YARN-537806,","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-YARN-537806,"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788328","reference_id":"1788328","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788328"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10773","reference_id":"CVE-2019-10773","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10773"},{"reference_url":"https://github.com/advisories/GHSA-5xf4-f2fq-f69j","reference_id":"GHSA-5xf4-f2fq-f69j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xf4-f2fq-f69j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119277?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.21.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.21.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119278?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.10%2B~cs22.25.14-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"},{"vulnerability":"VCID-m42m-4cnh-7qfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.10%252B~cs22.25.14-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119276?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.19%2B~cs24.27.18-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.19%252B~cs24.27.18-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119280?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119279?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-6%3Fdistro=trixie"}],"aliases":["CVE-2019-10773","GHSA-5xf4-f2fq-f69j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-extp-hh35-dbdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46941?format=json","vulnerability_id":"VCID-m42m-4cnh-7qfv","summary":"Untrusted Search Path\nAn untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4435.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4435.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4435","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16105","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16136","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1622","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16211","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16168","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16082","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4435"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262284","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:29:04Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4435"},{"reference_url":"https://github.com/yarnpkg/yarn","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yarnpkg/yarn"},{"reference_url":"https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:29:04Z/"}],"url":"https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1"},{"reference_url":"https://github.com/yarnpkg/yarn/releases/tag/v1.22.13","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:29:04Z/"}],"url":"https://github.com/yarnpkg/yarn/releases/tag/v1.22.13"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-4435","reference_id":"CVE-2021-4435","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:29:04Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2021-4435"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4435","reference_id":"CVE-2021-4435","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4435"},{"reference_url":"https://github.com/advisories/GHSA-mpwj-fcr6-x34c","reference_id":"GHSA-mpwj-fcr6-x34c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpwj-fcr6-x34c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119287?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.19%2B~cs24.27.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.19%252B~cs24.27.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119276?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.19%2B~cs24.27.18-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.19%252B~cs24.27.18-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119280?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119279?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-6%3Fdistro=trixie"}],"aliases":["CVE-2021-4435","GHSA-mpwj-fcr6-x34c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m42m-4cnh-7qfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52278?format=json","vulnerability_id":"VCID-n9e7-1rm2-53fh","summary":"Path Traversal\nArbitrary filesystem write vulnerability in Yarn allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8131.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8131","reference_id":"","reference_type":"","scores":[{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77819","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77787","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77814","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77821","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77812","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77801","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8131"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/yarnpkg/yarn/pull/7831","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yarnpkg/yarn/pull/7831"},{"reference_url":"https://hackerone.com/reports/730239","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/730239"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816261","reference_id":"1816261","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816261"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952912","reference_id":"952912","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952912"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8131","reference_id":"CVE-2020-8131","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8131"},{"reference_url":"https://github.com/advisories/GHSA-8mfc-v7wv-p62g","reference_id":"GHSA-8mfc-v7wv-p62g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mfc-v7wv-p62g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0420","reference_id":"RHSA-2021:0420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0420"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119284?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119278?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.10%2B~cs22.25.14-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"},{"vulnerability":"VCID-m42m-4cnh-7qfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.10%252B~cs22.25.14-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119276?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.19%2B~cs24.27.18-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.19%252B~cs24.27.18-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119280?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119279?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-6%3Fdistro=trixie"}],"aliases":["CVE-2020-8131","GHSA-8mfc-v7wv-p62g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9e7-1rm2-53fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51688?format=json","vulnerability_id":"VCID-xbde-dz96-47g9","summary":"Cryptographic Issues\nYarn is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5448","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28535","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28467","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28464","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28497","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28504","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28577","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5448"},{"reference_url":"https://github.com/ChALkeR/notes/blob/master/Yarn-vuln.md","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ChALkeR/notes/blob/master/Yarn-vuln.md"},{"reference_url":"https://hackerone.com/reports/640904","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/640904"},{"reference_url":"https://yarnpkg.com/blog/2019/07/12/recommended-security-update","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://yarnpkg.com/blog/2019/07/12/recommended-security-update"},{"reference_url":"https://yarnpkg.com/blog/2019/07/12/recommended-security-update/","reference_id":"","reference_type":"","scores":[],"url":"https://yarnpkg.com/blog/2019/07/12/recommended-security-update/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941354","reference_id":"941354","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941354"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5448","reference_id":"CVE-2019-5448","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5448"},{"reference_url":"https://github.com/advisories/GHSA-wqfc-cr59-h64p","reference_id":"GHSA-wqfc-cr59-h64p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wqfc-cr59-h64p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119283?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.13.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.13.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119278?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.10%2B~cs22.25.14-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"},{"vulnerability":"VCID-m42m-4cnh-7qfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.10%252B~cs22.25.14-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119276?format=json","purl":"pkg:deb/debian/node-yarnpkg@1.22.19%2B~cs24.27.18-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ksn-dehb-pfdb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.19%252B~cs24.27.18-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119280?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119279?format=json","purl":"pkg:deb/debian/node-yarnpkg@4.1.0%2Bdfsg-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@4.1.0%252Bdfsg-6%3Fdistro=trixie"}],"aliases":["CVE-2019-5448","GHSA-wqfc-cr59-h64p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbde-dz96-47g9"}],"risk_score":"2.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-yarnpkg@1.22.19%252B~cs24.27.18-2%252Bdeb12u1%3Fdistro=trixie"}