Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/prismjs@1.14.0

Type npm

Namespace

Name prismjs

Version 1.14.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.30.0

Latest_non_vulnerable_version 1.30.0

Affected_by_vulnerabilities

url VCID-1av9-pc1z-mbak

vulnerability_id VCID-1av9-pc1z-mbak

summary Cross-Site Scripting in Prism

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15138.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15138.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15138

reference_id

reference_type

scores

value	0.00859
scoring_system	epss
scoring_elements	0.75442
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15138

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138

reference_url

https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c

reference_url

https://prismjs.com/plugins/previewers/#disabling-a-previewer

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://prismjs.com/plugins/previewers/#disabling-a-previewer

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1867581
reference_id	1867581
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1867581

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968094
reference_id	968094
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968094

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15138

reference_id

CVE-2020-15138

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15138

reference_url

https://github.com/advisories/GHSA-wvhm-4hhf-97x9

reference_id

GHSA-wvhm-4hhf-97x9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wvhm-4hhf-97x9

reference_url

https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9

reference_id

GHSA-wvhm-4hhf-97x9

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9

fixed_packages

url pkg:npm/prismjs@1.21.0

purl pkg:npm/prismjs@1.21.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hga-phsb-1kep

vulnerability	VCID-cvqb-p5f4-7fax

vulnerability	VCID-qgsq-pu42-6bg6

vulnerability	VCID-qve7-xnn5-g7as

vulnerability	VCID-zn9q-7fut-7qd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.21.0

aliases CVE-2020-15138, GHSA-wvhm-4hhf-97x9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1av9-pc1z-mbak

url VCID-7hga-phsb-1kep

vulnerability_id VCID-7hga-phsb-1kep

summary Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23647.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23647.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23647

reference_id

reference_type

scores

value	0.00507
scoring_system	epss
scoring_elements	0.6671
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23647

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23647
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23647

reference_url

https://github.com/PrismJS/prism

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2056643
reference_id	2056643
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2056643

reference_url

https://github.com/PrismJS/prism/pull/3341

reference_id

3341

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:20Z/

url

https://github.com/PrismJS/prism/pull/3341

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23647

reference_id

CVE-2022-23647

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23647

reference_url

https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c

reference_id

e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:20Z/

url

https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c

reference_url

https://github.com/advisories/GHSA-3949-f494-cm99

reference_id

GHSA-3949-f494-cm99

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3949-f494-cm99

reference_url

https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99

reference_id

GHSA-3949-f494-cm99

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:20Z/

url

https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99

reference_url	https://access.redhat.com/errata/RHSA-2022:6835
reference_id	RHSA-2022:6835
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6835

reference_url	https://access.redhat.com/errata/RHSA-2022:8524
reference_id	RHSA-2022:8524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8524

fixed_packages

url pkg:npm/prismjs@1.27.0

purl pkg:npm/prismjs@1.27.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qve7-xnn5-g7as

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.27.0

aliases CVE-2022-23647, GHSA-3949-f494-cm99

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hga-phsb-1kep

url VCID-cvqb-p5f4-7fax

vulnerability_id VCID-cvqb-p5f4-7fax

summary prism is vulnerable to Inefficient Regular Expression Complexity

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3801.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3801

reference_id

reference_type

scores

value	0.0028
scoring_system	epss
scoring_elements	0.51695
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3801

reference_url

https://github.com/prismjs/prism

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/prismjs/prism

reference_url

https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9

reference_url

https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3801

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005445
reference_id	2005445
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005445

reference_url

https://github.com/advisories/GHSA-hqhp-5p83-hx96

reference_id

GHSA-hqhp-5p83-hx96

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hqhp-5p83-hx96

reference_url	https://access.redhat.com/errata/RHSA-2021:4902
reference_id	RHSA-2021:4902
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4902

fixed_packages

url pkg:npm/prismjs@1.25.0

purl pkg:npm/prismjs@1.25.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hga-phsb-1kep

vulnerability	VCID-qve7-xnn5-g7as

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.25.0

aliases CVE-2021-3801, GHSA-hqhp-5p83-hx96

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvqb-p5f4-7fax

url VCID-qgsq-pu42-6bg6

vulnerability_id VCID-qgsq-pu42-6bg6

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32723.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32723.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32723

reference_id

reference_type

scores

value	0.00373
scoring_system	epss
scoring_elements	0.59407
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32723

reference_url

https://github.com/PrismJS/prism

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism

reference_url

https://github.com/PrismJS/prism/commit/d85e30da6755fdbe7f8559f8e75d122297167018

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/commit/d85e30da6755fdbe7f8559f8e75d122297167018

reference_url

https://github.com/PrismJS/prism/pull/2688

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/pull/2688

reference_url

https://github.com/PrismJS/prism/pull/2774

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/pull/2774

reference_url

https://github.com/PrismJS/prism/security/advisories/GHSA-gj77-59wh-66hg

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/security/advisories/GHSA-gj77-59wh-66hg

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32723

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32723

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1980286
reference_id	1980286
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1980286

reference_url

https://github.com/advisories/GHSA-gj77-59wh-66hg

reference_id

GHSA-gj77-59wh-66hg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gj77-59wh-66hg

fixed_packages

url pkg:npm/prismjs@1.24.0

purl pkg:npm/prismjs@1.24.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hga-phsb-1kep

vulnerability	VCID-cvqb-p5f4-7fax

vulnerability	VCID-qve7-xnn5-g7as

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.24.0

aliases CVE-2021-32723, GHSA-gj77-59wh-66hg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgsq-pu42-6bg6

url VCID-qve7-xnn5-g7as

vulnerability_id VCID-qve7-xnn5-g7as

summary Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53382.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53382.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53382

reference_id

reference_type

scores

value	0.00158
scoring_system	epss
scoring_elements	0.3644
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53382

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53382
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53382

reference_url

https://github.com/PrismJS/prism

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism

reference_url

https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d

reference_url

https://github.com/PrismJS/prism/pull/3863

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/pull/3863

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-53382

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-53382

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099619
reference_id	1099619
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099619

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2349390
reference_id	2349390
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2349390

reference_url

https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660

reference_id

aeb128e44f05f95828a1a824708df660

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T21:52:57Z/

url

https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660

reference_url	https://github.com/advisories/GHSA-x7hr-w5r2-h6wg
reference_id	GHSA-x7hr-w5r2-h6wg
reference_type
scores
url	https://github.com/advisories/GHSA-x7hr-w5r2-h6wg

reference_url

https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259

reference_id

prism.js#L226-L259

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T21:52:57Z/

url

https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259

reference_url	https://access.redhat.com/errata/RHSA-2025:11749
reference_id	RHSA-2025:11749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11749

reference_url	https://access.redhat.com/errata/RHSA-2025:11889
reference_id	RHSA-2025:11889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11889

reference_url	https://access.redhat.com/errata/RHSA-2026:3751
reference_id	RHSA-2026:3751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3751

fixed_packages

url	pkg:npm/prismjs@1.30.0
purl	pkg:npm/prismjs@1.30.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.30.0

aliases CVE-2024-53382, GHSA-x7hr-w5r2-h6wg

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qve7-xnn5-g7as

url VCID-zn9q-7fut-7qd7

vulnerability_id VCID-zn9q-7fut-7qd7

summary The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23341.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23341.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23341

reference_id

reference_type

scores

value	0.01762
scoring_system	epss
scoring_elements	0.83025
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23341

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23341
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23341

reference_url

https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609

reference_url

https://github.com/PrismJS/prism/issues/2583

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/issues/2583

reference_url

https://github.com/PrismJS/prism/pull/2584

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/PrismJS/prism/pull/2584

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23341

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23341

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582

reference_url

https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581

reference_url

https://www.npmjs.com/package/prismjs

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/prismjs

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1930420
reference_id	1930420
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1930420

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985109
reference_id	985109
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985109

reference_url

https://github.com/advisories/GHSA-h4hr-7fg3-h35w

reference_id

GHSA-h4hr-7fg3-h35w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h4hr-7fg3-h35w

fixed_packages

url pkg:npm/prismjs@1.23.0

purl pkg:npm/prismjs@1.23.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7hga-phsb-1kep

vulnerability	VCID-cvqb-p5f4-7fax

vulnerability	VCID-qgsq-pu42-6bg6

vulnerability	VCID-qve7-xnn5-g7as

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.23.0

aliases CVE-2021-23341, GHSA-h4hr-7fg3-h35w

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zn9q-7fut-7qd7

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.14.0

Package Instance