{"url":"http://public2.vulnerablecode.io/api/packages/19468?format=json","purl":"pkg:npm/prismjs@1.14.0","type":"npm","namespace":"","name":"prismjs","version":"1.14.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.30.0","latest_non_vulnerable_version":"1.30.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205131?format=json","vulnerability_id":"VCID-1av9-pc1z-mbak","summary":"Cross-Site Scripting in Prism","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15138.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15138","reference_id":"","reference_type":"","scores":[{"value":"0.00859","scoring_system":"epss","scoring_elements":"0.75442","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00859","scoring_system":"epss","scoring_elements":"0.75512","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15138"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138"},{"reference_url":"https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c"},{"reference_url":"https://prismjs.com/plugins/previewers/#disabling-a-previewer","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://prismjs.com/plugins/previewers/#disabling-a-previewer"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1867581","reference_id":"1867581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1867581"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968094","reference_id":"968094","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968094"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15138","reference_id":"CVE-2020-15138","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15138"},{"reference_url":"https://github.com/advisories/GHSA-wvhm-4hhf-97x9","reference_id":"GHSA-wvhm-4hhf-97x9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wvhm-4hhf-97x9"},{"reference_url":"https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9","reference_id":"GHSA-wvhm-4hhf-97x9","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16847?format=json","purl":"pkg:npm/prismjs@1.21.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7hga-phsb-1kep"},{"vulnerability":"VCID-cvqb-p5f4-7fax"},{"vulnerability":"VCID-qgsq-pu42-6bg6"},{"vulnerability":"VCID-qve7-xnn5-g7as"},{"vulnerability":"VCID-zn9q-7fut-7qd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.21.0"}],"aliases":["CVE-2020-15138","GHSA-wvhm-4hhf-97x9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1av9-pc1z-mbak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163883?format=json","vulnerability_id":"VCID-7hga-phsb-1kep","summary":"Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23647.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23647","reference_id":"","reference_type":"","scores":[{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66803","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6671","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23647"},{"reference_url":"https://github.com/PrismJS/prism","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056643","reference_id":"2056643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056643"},{"reference_url":"https://github.com/PrismJS/prism/pull/3341","reference_id":"3341","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:20Z/"}],"url":"https://github.com/PrismJS/prism/pull/3341"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23647","reference_id":"CVE-2022-23647","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23647"},{"reference_url":"https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c","reference_id":"e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:20Z/"}],"url":"https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c"},{"reference_url":"https://github.com/advisories/GHSA-3949-f494-cm99","reference_id":"GHSA-3949-f494-cm99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3949-f494-cm99"},{"reference_url":"https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99","reference_id":"GHSA-3949-f494-cm99","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:20Z/"}],"url":"https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8524","reference_id":"RHSA-2022:8524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8524"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19469?format=json","purl":"pkg:npm/prismjs@1.27.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qve7-xnn5-g7as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.27.0"}],"aliases":["CVE-2022-23647","GHSA-3949-f494-cm99"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hga-phsb-1kep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208675?format=json","vulnerability_id":"VCID-cvqb-p5f4-7fax","summary":"prism is vulnerable to Inefficient Regular Expression Complexity","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3801.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3801","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51695","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51824","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3801"},{"reference_url":"https://github.com/prismjs/prism","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/prismjs/prism"},{"reference_url":"https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9"},{"reference_url":"https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3801","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005445","reference_id":"2005445","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005445"},{"reference_url":"https://github.com/advisories/GHSA-hqhp-5p83-hx96","reference_id":"GHSA-hqhp-5p83-hx96","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqhp-5p83-hx96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4902","reference_id":"RHSA-2021:4902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4902"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382622?format=json","purl":"pkg:npm/prismjs@1.25.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7hga-phsb-1kep"},{"vulnerability":"VCID-qve7-xnn5-g7as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.25.0"}],"aliases":["CVE-2021-3801","GHSA-hqhp-5p83-hx96"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvqb-p5f4-7fax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340023?format=json","vulnerability_id":"VCID-qgsq-pu42-6bg6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32723.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32723.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32723","reference_id":"","reference_type":"","scores":[{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59407","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59516","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32723"},{"reference_url":"https://github.com/PrismJS/prism","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism"},{"reference_url":"https://github.com/PrismJS/prism/commit/d85e30da6755fdbe7f8559f8e75d122297167018","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/commit/d85e30da6755fdbe7f8559f8e75d122297167018"},{"reference_url":"https://github.com/PrismJS/prism/pull/2688","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/pull/2688"},{"reference_url":"https://github.com/PrismJS/prism/pull/2774","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/pull/2774"},{"reference_url":"https://github.com/PrismJS/prism/security/advisories/GHSA-gj77-59wh-66hg","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/security/advisories/GHSA-gj77-59wh-66hg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32723","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32723"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980286","reference_id":"1980286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980286"},{"reference_url":"https://github.com/advisories/GHSA-gj77-59wh-66hg","reference_id":"GHSA-gj77-59wh-66hg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj77-59wh-66hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383230?format=json","purl":"pkg:npm/prismjs@1.24.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7hga-phsb-1kep"},{"vulnerability":"VCID-cvqb-p5f4-7fax"},{"vulnerability":"VCID-qve7-xnn5-g7as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.24.0"}],"aliases":["CVE-2021-32723","GHSA-gj77-59wh-66hg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgsq-pu42-6bg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44377?format=json","vulnerability_id":"VCID-qve7-xnn5-g7as","summary":"Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53382.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53382","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3644","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3662","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53382"},{"reference_url":"https://github.com/PrismJS/prism","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism"},{"reference_url":"https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d"},{"reference_url":"https://github.com/PrismJS/prism/pull/3863","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/pull/3863"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53382","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53382"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099619","reference_id":"1099619","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099619"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349390","reference_id":"2349390","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349390"},{"reference_url":"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660","reference_id":"aeb128e44f05f95828a1a824708df660","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T21:52:57Z/"}],"url":"https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"},{"reference_url":"https://github.com/advisories/GHSA-x7hr-w5r2-h6wg","reference_id":"GHSA-x7hr-w5r2-h6wg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x7hr-w5r2-h6wg"},{"reference_url":"https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259","reference_id":"prism.js#L226-L259","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T21:52:57Z/"}],"url":"https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11749","reference_id":"RHSA-2025:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11889","reference_id":"RHSA-2025:11889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3751","reference_id":"RHSA-2026:3751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3751"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377844?format=json","purl":"pkg:npm/prismjs@1.30.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.30.0"}],"aliases":["CVE-2024-53382","GHSA-x7hr-w5r2-h6wg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qve7-xnn5-g7as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208305?format=json","vulnerability_id":"VCID-zn9q-7fut-7qd7","summary":"The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23341.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23341.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23341","reference_id":"","reference_type":"","scores":[{"value":"0.01762","scoring_system":"epss","scoring_elements":"0.83025","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01762","scoring_system":"epss","scoring_elements":"0.83087","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23341"},{"reference_url":"https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609"},{"reference_url":"https://github.com/PrismJS/prism/issues/2583","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/issues/2583"},{"reference_url":"https://github.com/PrismJS/prism/pull/2584","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PrismJS/prism/pull/2584"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23341","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23341"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581"},{"reference_url":"https://www.npmjs.com/package/prismjs","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/prismjs"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930420","reference_id":"1930420","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1930420"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985109","reference_id":"985109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985109"},{"reference_url":"https://github.com/advisories/GHSA-h4hr-7fg3-h35w","reference_id":"GHSA-h4hr-7fg3-h35w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4hr-7fg3-h35w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383070?format=json","purl":"pkg:npm/prismjs@1.23.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7hga-phsb-1kep"},{"vulnerability":"VCID-cvqb-p5f4-7fax"},{"vulnerability":"VCID-qgsq-pu42-6bg6"},{"vulnerability":"VCID-qve7-xnn5-g7as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.23.0"}],"aliases":["CVE-2021-23341","GHSA-h4hr-7fg3-h35w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zn9q-7fut-7qd7"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/prismjs@1.14.0"}