{"url":"http://public2.vulnerablecode.io/api/packages/138741?format=json","purl":"pkg:rpm/redhat/rh-nodejs14-nodejs@14.15.4-2?arch=el7","type":"rpm","namespace":"redhat","name":"rh-nodejs14-nodejs","version":"14.15.4-2","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53873?format=json","vulnerability_id":"VCID-1pej-f5gn-5feh","summary":"Prototype Pollution\nIf an attacker submits a malicious `INI` file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7788","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52799","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52739","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788"},{"reference_url":"https://github.com/npm/ini","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n
pm/ini"},{"reference_url":"https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-INI-1048974","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-INI-1048974"},{"reference_url":"https://www.npmjs.com/advisories/1589","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1907444","reference_id":"1907444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1907444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718","reference_id":"977718","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7788","reference_id":"CVE-2020-7788","reference_type":"","
scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7788"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3280","reference_id":"RHSA-2021:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3281","reference_id":"RHSA-2021:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-20
22:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"}],"fixed_packages":[],"aliases":["CVE-2020-7788","GHSA-qqgx-2p2h-9c37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pej-f5gn-5feh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52811?format=json","vulnerability_id":"VCID-363b-t6mk-w3ct","summary":"Improper Input Validation\nAn issue was discovered in `ajv.validate()` in Ajv (aka Another JSON Schema Validator). A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. 
(While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15366","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56354","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56298","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366"},{"reference_url":"https://github.com/ajv-validator/ajv","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv"},{"reference_url":"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f"},{"reference_url":"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3","reference_id":"","reference_type":"","scores":[{"
value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3"},{"reference_url":"https://github.com/ajv-validator/ajv/tags","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/tags"},{"reference_url":"https://hackerone.com/bugs?subject=user&report_id=894259","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/bugs?subject=user&report_id=894259"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0007","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857977","reference_id":"1857977","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857977"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15366","reference_id":"CVE-2020-15366","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15366"},{"reference_url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw","referen
ce_id":"GHSA-v88g-cgmw-v5xw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3917","reference_id":"RHSA-2021:3917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3917"}],"fixed_packages":[],"aliases":["CVE-2020-15366","GHSA-v88g-cgmw-v5xw"],"risk_score":3.1,"exploitability":"0.5","we
ighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-363b-t6mk-w3ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53737?format=json","vulnerability_id":"VCID-azjs-kjpm-z3h2","summary":"Uncontrolled Resource Consumption\nThis affects the package npm-user-validate. The regex that validates user emails took exponentially longer to process long input strings beginning with `@` characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7754.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7754","reference_id":"","reference_type":"","scores":[{"value":"0.01798","scoring_system":"epss","scoring_elements":"0.83121","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01798","scoring_system":"epss","scoring_elements":"0.83147","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7754"},{"reference_url":"https://github.com/npm/npm-user-validate/commit/c8a87dac1a4cc6988b5418f30411a8669bef204e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/npm-user-validate/commit/c8a87dac1a4cc6988b5418f30411a8669bef204e"},{"reference_url":"https://github.com/npm/npm-user-validate/security/advisories/GHSA-xgh6-85xh-479p","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"gener
ic_textual","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/npm-user-validate/security/advisories/GHSA-xgh6-85xh-479p"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019353","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019353"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892430","reference_id":"1892430","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892430"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7754","reference_id":"CVE-2020-7754","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7754"},{"reference_url":"https://github.com/advisories/GHSA-xgh6-85xh-479p","reference_id":"GHSA-xgh6-85xh-479p","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgh6-85xh-479p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2
021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"}],"fixed_packages":[],"aliases":["CVE-2020-7754","GHSA-pw54-mh39-w3hc","GHSA-xgh6-85xh-479p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azjs-kjpm-z3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5765?format=json","vulnerability_id":"VCID-c12a-v9ey-qfap","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8265.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8265","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73616","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73652","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912854","reference_id":"1912854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912854"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364","reference_id":"979364","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364"},{"reference_url":"https://security.archlinux.org/ASA-202101-16","reference_id":"ASA-202101-16","reference_type":"","scores":[],"
url":"https://security.archlinux.org/ASA-202101-16"},{"reference_url":"https://security.archlinux.org/AVG-1400","reference_id":"AVG-1400","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[],"aliases":["CVE-2020-8265"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c12a-v9ey-qfap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53802?format=json","vulnerability_id":"VCID-eun3-dgw9-ruaj","summary":"Prototype Pollution in y18n\nThe npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is 
vulnerable to Prototype Pollution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7774","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64936","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64893","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7774"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/yargs/y18n","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git
hub.com/yargs/y18n"},{"reference_url":"https://github.com/yargs/y18n/commit/90401eea9062ad498f4f792e3fff8008c4c193a3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/commit/90401eea9062ad498f4f792e3fff8008c4c193a3"},{"reference_url":"https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25"},{"reference_url":"https://github.com/yargs/y18n/issues/96","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/issues/96"},{"reference_url":"https://github.com/yargs/y18n/pull/108","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yargs/y18n/pull/108"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-Y18N-1021887","reference_id":"","reference_type":""
,"scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-Y18N-1021887"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898680","reference_id":"1898680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898680"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976390","reference_id":"976390","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976390"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7774","reference_id":"CVE-2020-7774","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7774"},{"reference_url":"https://github.com/advisories/GHSA-c4w7-xm78-47vh","reference_id":"GHSA-c4w7-xm78-47vh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c4w7-xm78-47vh"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:549
9","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5633","reference_id":"RHSA-2020:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2041","reference_id":"RHSA-2021:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"}],"fixed_packages":[],"aliases":["CVE-2020-7774","GHSA-c4w7-xm78-47vh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eun3-dgw9-ruaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5764?format=json","vulnerability_id":"VCID-f3mc-s6sz-hkep","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8287.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8287","reference_id":"","reference_type":"","scores":[{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11865","scoring_system":"epss","scoring_elements":"0.93871","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690","reference_id":"1016690","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912863","reference_id":"1912863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912863"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364","reference_id":"979364","reference_type":"","scor
es":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364"},{"reference_url":"https://security.archlinux.org/ASA-202101-16","reference_id":"ASA-202101-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-16"},{"reference_url":"https://security.archlinux.org/AVG-1400","reference_id":"AVG-1400","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/5563-1/","reference_id":"USN-5563-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5563-1/"},{"reference_url":"https://usn.ubuntu.com/6380-1/","reference_id":"USN-6380-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6380-1/"}],"fixed_packages":[],"aliases":["CVE-2020-8287"],"risk_score":4.0,"exploitability":"0
.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3mc-s6sz-hkep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53812?format=json","vulnerability_id":"VCID-w6y4-5tef-mbek","summary":"Uncontrolled Resource Consumption\nc-ares' `ares_parse_{a,aaaa}_reply()` suffers from a Denial Of Service due to insufficient `naddrttls` validation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8277","reference_id":"","reference_type":"","scores":[{"value":"0.58883","scoring_system":"epss","scoring_elements":"0.98255","published_at":"2026-06-04T12:55:00Z"},{"value":"0.58883","scoring_system":"epss","scoring_elements":"0.98257","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3
LRFY52V6Z/"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898554","reference_id":"1898554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898554"},{"reference_url":"https://security.archlinux.org/ASA-202011-18","reference_id":"ASA-202011-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-18"},{"reference_url":"https://security.archlinux.org/AVG-1280","reference_id":"AVG-1280","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8277","reference_id":"CVE-2020-8277","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8277"},{"reference_url":"https://security.gentoo.org/glsa/202012-11","reference_id":"GLSA-202012-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/
4638-1/","reference_id":"USN-4638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4638-1/"}],"fixed_packages":[],"aliases":["CVE-2020-8277"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6y4-5tef-mbek"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14-nodejs@14.15.4-2%3Farch=el7"}