Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
Type deb
Namespace debian
Name node-lodash
Version 4.17.21+dfsg+~cs8.31.198.20210220-9
Qualifiers
distro trixie
Subpath
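Is_vulnerable true
Next_non_vulnerable_version 4.17.21+dfsg+~cs8.31.198.20210220-10
Latest_non_vulnerable_version 4.18.1+dfsg-3
Note: of the three vulnerabilities listed under Affected_by_vulnerabilities, only VCID-nejn-mmy7-93gx names 4.17.21+dfsg+~cs8.31.198.20210220-10 in its fixed_packages; VCID-jac8-95p1-quec and VCID-nfd4-axkc-pye3 list only 4.18.1+dfsg-1 and 4.18.1+dfsg-3. Confirm the status of the -10 build against the distribution's security tracker before treating it as a complete fix.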
Affected_by_vulnerabilities
0
url VCID-jac8-95p1-quec
vulnerability_id VCID-jac8-95p1-quec
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4800.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4800.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4800
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.1404
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4800
2
reference_url https://cna.openjsf.org/security-advisories.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T20:36:55Z/
url https://cna.openjsf.org/security-advisories.html
3
reference_url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T20:36:55Z/
url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
4
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
5
reference_url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T20:36:55Z/
url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
6
reference_url https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4800
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4800
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132500
reference_id 1132500
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132500
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453496
reference_id 2453496
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453496
10
reference_url https://github.com/advisories/GHSA-r5fr-rjxr-66jc
reference_id GHSA-r5fr-rjxr-66jc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5fr-rjxr-66jc
11
reference_url https://access.redhat.com/errata/RHSA-2026:10131
reference_id RHSA-2026:10131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10131
12
reference_url https://access.redhat.com/errata/RHSA-2026:10175
reference_id RHSA-2026:10175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10175
13
reference_url https://access.redhat.com/errata/RHSA-2026:10710
reference_id RHSA-2026:10710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10710
14
reference_url https://access.redhat.com/errata/RHSA-2026:10713
reference_id RHSA-2026:10713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10713
15
reference_url https://access.redhat.com/errata/RHSA-2026:11454
reference_id RHSA-2026:11454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11454
16
reference_url https://access.redhat.com/errata/RHSA-2026:11469
reference_id RHSA-2026:11469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11469
17
reference_url https://access.redhat.com/errata/RHSA-2026:11470
reference_id RHSA-2026:11470
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11470
18
reference_url https://access.redhat.com/errata/RHSA-2026:11471
reference_id RHSA-2026:11471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11471
19
reference_url https://access.redhat.com/errata/RHSA-2026:11493
reference_id RHSA-2026:11493
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11493
20
reference_url https://access.redhat.com/errata/RHSA-2026:11494
reference_id RHSA-2026:11494
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11494
21
reference_url https://access.redhat.com/errata/RHSA-2026:11495
reference_id RHSA-2026:11495
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11495
22
reference_url https://access.redhat.com/errata/RHSA-2026:11516
reference_id RHSA-2026:11516
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11516
23
reference_url https://access.redhat.com/errata/RHSA-2026:12277
reference_id RHSA-2026:12277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12277
24
reference_url https://access.redhat.com/errata/RHSA-2026:12279
reference_id RHSA-2026:12279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12279
25
reference_url https://access.redhat.com/errata/RHSA-2026:13545
reference_id RHSA-2026:13545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13545
26
reference_url https://access.redhat.com/errata/RHSA-2026:13553
reference_id RHSA-2026:13553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13553
27
reference_url https://access.redhat.com/errata/RHSA-2026:13571
reference_id RHSA-2026:13571
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13571
28
reference_url https://access.redhat.com/errata/RHSA-2026:13826
reference_id RHSA-2026:13826
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13826
29
reference_url https://access.redhat.com/errata/RHSA-2026:14870
reference_id RHSA-2026:14870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14870
30
reference_url https://access.redhat.com/errata/RHSA-2026:14871
reference_id RHSA-2026:14871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14871
31
reference_url https://access.redhat.com/errata/RHSA-2026:16874
reference_id RHSA-2026:16874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:16874
32
reference_url https://access.redhat.com/errata/RHSA-2026:17448
reference_id RHSA-2026:17448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17448
33
reference_url https://access.redhat.com/errata/RHSA-2026:17468
reference_id RHSA-2026:17468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17468
34
reference_url https://access.redhat.com/errata/RHSA-2026:17469
reference_id RHSA-2026:17469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17469
35
reference_url https://access.redhat.com/errata/RHSA-2026:17547
reference_id RHSA-2026:17547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17547
36
reference_url https://access.redhat.com/errata/RHSA-2026:17549
reference_id RHSA-2026:17549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17549
37
reference_url https://access.redhat.com/errata/RHSA-2026:17550
reference_id RHSA-2026:17550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17550
38
reference_url https://access.redhat.com/errata/RHSA-2026:17598
reference_id RHSA-2026:17598
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17598
39
reference_url https://access.redhat.com/errata/RHSA-2026:17789
reference_id RHSA-2026:17789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17789
40
reference_url https://access.redhat.com/errata/RHSA-2026:19008
reference_id RHSA-2026:19008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19008
41
reference_url https://access.redhat.com/errata/RHSA-2026:19167
reference_id RHSA-2026:19167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19167
42
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
43
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
44
reference_url https://access.redhat.com/errata/RHSA-2026:19712
reference_id RHSA-2026:19712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19712
45
reference_url https://access.redhat.com/errata/RHSA-2026:20041
reference_id RHSA-2026:20041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20041
46
reference_url https://access.redhat.com/errata/RHSA-2026:20042
reference_id RHSA-2026:20042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20042
47
reference_url https://access.redhat.com/errata/RHSA-2026:20943
reference_id RHSA-2026:20943
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20943
48
reference_url https://access.redhat.com/errata/RHSA-2026:20946
reference_id RHSA-2026:20946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20946
49
reference_url https://access.redhat.com/errata/RHSA-2026:8483
reference_id RHSA-2026:8483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8483
50
reference_url https://access.redhat.com/errata/RHSA-2026:8484
reference_id RHSA-2026:8484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8484
51
reference_url https://access.redhat.com/errata/RHSA-2026:8490
reference_id RHSA-2026:8490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8490
52
reference_url https://access.redhat.com/errata/RHSA-2026:8491
reference_id RHSA-2026:8491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8491
53
reference_url https://access.redhat.com/errata/RHSA-2026:8493
reference_id RHSA-2026:8493
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8493
54
reference_url https://access.redhat.com/errata/RHSA-2026:8498
reference_id RHSA-2026:8498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8498
55
reference_url https://access.redhat.com/errata/RHSA-2026:9385
reference_id RHSA-2026:9385
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9385
56
reference_url https://access.redhat.com/errata/RHSA-2026:9742
reference_id RHSA-2026:9742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9742
fixed_packages
0
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2026-4800, GHSA-r5fr-rjxr-66jc
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jac8-95p1-quec
1
url VCID-nejn-mmy7-93gx
vulnerability_id VCID-nejn-mmy7-93gx
summary
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.

The issue permits deletion of prototype properties only; it does not allow an attacker to overwrite them or replace their original behavior.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13465.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13465.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13465
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11552
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13465
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
4
reference_url https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126265
reference_id 1126265
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126265
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2431740
reference_id 2431740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2431740
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13465
reference_id CVE-2025-13465
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13465
8
reference_url https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
reference_id GHSA-xxjr-mmjv-4gpg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
9
reference_url https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
reference_id GHSA-xxjr-mmjv-4gpg
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T19:43:10Z/
url https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
10
reference_url https://access.redhat.com/errata/RHSA-2026:11414
reference_id RHSA-2026:11414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:11414
11
reference_url https://access.redhat.com/errata/RHSA-2026:13542
reference_id RHSA-2026:13542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13542
12
reference_url https://access.redhat.com/errata/RHSA-2026:13548
reference_id RHSA-2026:13548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13548
13
reference_url https://access.redhat.com/errata/RHSA-2026:13829
reference_id RHSA-2026:13829
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13829
14
reference_url https://access.redhat.com/errata/RHSA-2026:14774
reference_id RHSA-2026:14774
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14774
15
reference_url https://access.redhat.com/errata/RHSA-2026:14870
reference_id RHSA-2026:14870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14870
16
reference_url https://access.redhat.com/errata/RHSA-2026:14871
reference_id RHSA-2026:14871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14871
17
reference_url https://access.redhat.com/errata/RHSA-2026:15091
reference_id RHSA-2026:15091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:15091
18
reference_url https://access.redhat.com/errata/RHSA-2026:17469
reference_id RHSA-2026:17469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17469
19
reference_url https://access.redhat.com/errata/RHSA-2026:1845
reference_id RHSA-2026:1845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1845
20
reference_url https://access.redhat.com/errata/RHSA-2026:18480
reference_id RHSA-2026:18480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:18480
21
reference_url https://access.redhat.com/errata/RHSA-2026:18868
reference_id RHSA-2026:18868
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:18868
22
reference_url https://access.redhat.com/errata/RHSA-2026:19712
reference_id RHSA-2026:19712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19712
23
reference_url https://access.redhat.com/errata/RHSA-2026:20042
reference_id RHSA-2026:20042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20042
24
reference_url https://access.redhat.com/errata/RHSA-2026:20088
reference_id RHSA-2026:20088
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20088
25
reference_url https://access.redhat.com/errata/RHSA-2026:2078
reference_id RHSA-2026:2078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2078
26
reference_url https://access.redhat.com/errata/RHSA-2026:2119
reference_id RHSA-2026:2119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2119
27
reference_url https://access.redhat.com/errata/RHSA-2026:2145
reference_id RHSA-2026:2145
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2145
28
reference_url https://access.redhat.com/errata/RHSA-2026:2147
reference_id RHSA-2026:2147
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2147
29
reference_url https://access.redhat.com/errata/RHSA-2026:2148
reference_id RHSA-2026:2148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2148
30
reference_url https://access.redhat.com/errata/RHSA-2026:2149
reference_id RHSA-2026:2149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2149
31
reference_url https://access.redhat.com/errata/RHSA-2026:2438
reference_id RHSA-2026:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2438
32
reference_url https://access.redhat.com/errata/RHSA-2026:2452
reference_id RHSA-2026:2452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2452
33
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
34
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
35
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
36
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
37
reference_url https://access.redhat.com/errata/RHSA-2026:2651
reference_id RHSA-2026:2651
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2651
38
reference_url https://access.redhat.com/errata/RHSA-2026:2661
reference_id RHSA-2026:2661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2661
39
reference_url https://access.redhat.com/errata/RHSA-2026:2672
reference_id RHSA-2026:2672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2672
40
reference_url https://access.redhat.com/errata/RHSA-2026:2675
reference_id RHSA-2026:2675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2675
41
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
42
reference_url https://access.redhat.com/errata/RHSA-2026:2816
reference_id RHSA-2026:2816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2816
43
reference_url https://access.redhat.com/errata/RHSA-2026:2817
reference_id RHSA-2026:2817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2817
44
reference_url https://access.redhat.com/errata/RHSA-2026:2818
reference_id RHSA-2026:2818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2818
45
reference_url https://access.redhat.com/errata/RHSA-2026:2819
reference_id RHSA-2026:2819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2819
46
reference_url https://access.redhat.com/errata/RHSA-2026:2900
reference_id RHSA-2026:2900
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2900
47
reference_url https://access.redhat.com/errata/RHSA-2026:2926
reference_id RHSA-2026:2926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2926
48
reference_url https://access.redhat.com/errata/RHSA-2026:2984
reference_id RHSA-2026:2984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2984
49
reference_url https://access.redhat.com/errata/RHSA-2026:2990
reference_id RHSA-2026:2990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2990
50
reference_url https://access.redhat.com/errata/RHSA-2026:3087
reference_id RHSA-2026:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3087
51
reference_url https://access.redhat.com/errata/RHSA-2026:3422
reference_id RHSA-2026:3422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3422
52
reference_url https://access.redhat.com/errata/RHSA-2026:3710
reference_id RHSA-2026:3710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3710
53
reference_url https://access.redhat.com/errata/RHSA-2026:3712
reference_id RHSA-2026:3712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3712
54
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
55
reference_url https://access.redhat.com/errata/RHSA-2026:3825
reference_id RHSA-2026:3825
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3825
56
reference_url https://access.redhat.com/errata/RHSA-2026:3869
reference_id RHSA-2026:3869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3869
57
reference_url https://access.redhat.com/errata/RHSA-2026:3870
reference_id RHSA-2026:3870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3870
58
reference_url https://access.redhat.com/errata/RHSA-2026:3874
reference_id RHSA-2026:3874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3874
59
reference_url https://access.redhat.com/errata/RHSA-2026:3884
reference_id RHSA-2026:3884
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3884
60
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
61
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
62
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
63
reference_url https://access.redhat.com/errata/RHSA-2026:4423
reference_id RHSA-2026:4423
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4423
64
reference_url https://access.redhat.com/errata/RHSA-2026:4466
reference_id RHSA-2026:4466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4466
65
reference_url https://access.redhat.com/errata/RHSA-2026:4467
reference_id RHSA-2026:4467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4467
66
reference_url https://access.redhat.com/errata/RHSA-2026:4630
reference_id RHSA-2026:4630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4630
67
reference_url https://access.redhat.com/errata/RHSA-2026:4782
reference_id RHSA-2026:4782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4782
68
reference_url https://access.redhat.com/errata/RHSA-2026:5633
reference_id RHSA-2026:5633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5633
69
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
70
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
71
reference_url https://access.redhat.com/errata/RHSA-2026:6288
reference_id RHSA-2026:6288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6288
72
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
73
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
74
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
75
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
76
reference_url https://access.redhat.com/errata/RHSA-2026:9848
reference_id RHSA-2026:9848
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9848
fixed_packages
0
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-10?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-10%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2025-13465, GHSA-xxjr-mmjv-4gpg
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nejn-mmy7-93gx
2
url VCID-nfd4-axkc-pye3
vulnerability_id VCID-nfd4-axkc-pye3
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2950.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2950.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2950
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07659
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2950
2
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
3
reference_url https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2950
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2950
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453499
reference_id 2453499
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453499
6
reference_url https://github.com/advisories/GHSA-f23m-r3pf-42rh
reference_id GHSA-f23m-r3pf-42rh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f23m-r3pf-42rh
7
reference_url https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
reference_id GHSA-xxjr-mmjv-4gpg
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-01T13:43:14Z/
url https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
8
reference_url https://access.redhat.com/errata/RHSA-2026:7378
reference_id RHSA-2026:7378
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7378
9
reference_url https://access.redhat.com/errata/RHSA-2026:7655
reference_id RHSA-2026:7655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7655
10
reference_url https://access.redhat.com/errata/RHSA-2026:9455
reference_id RHSA-2026:9455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9455
fixed_packages
0
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2026-2950, GHSA-f23m-r3pf-42rh
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfd4-axkc-pye3
Fixing_vulnerabilities
0
url VCID-1q47-ugsw-7qec
vulnerability_id VCID-1q47-ugsw-7qec
summary
Prototype Pollution in lodash
Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution.

The vulnerable functions are `defaultsDeep`, `merge`, and `mergeWith`, which allow a malicious user to modify the prototype of `Object` via `__proto__`, adding a new property or modifying an existing one so that the change appears on all objects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-3721
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.4913
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-3721
1
reference_url https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
2
reference_url https://hackerone.com/reports/310443
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/310443
3
reference_url https://security.netapp.com/advisory/ntap-20190919-0004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190919-0004
4
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/368.json
reference_id 368
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/368.json
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890575
reference_id 890575
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890575
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-3721
reference_id CVE-2018-3721
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-3721
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-3721.yml
reference_id CVE-2018-3721.YML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-3721.yml
8
reference_url https://github.com/advisories/GHSA-fvqr-27wr-82fm
reference_id GHSA-fvqr-27wr-82fm
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fvqr-27wr-82fm
fixed_packages
0
url pkg:deb/debian/node-lodash@4.17.11%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.11%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.11%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.173-1%3Fdistro=trixie
2
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-9%3Fdistro=trixie
3
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2018-3721, GHSA-fvqr-27wr-82fm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1q47-ugsw-7qec
1
url VCID-4gsx-e9xa-pubs
vulnerability_id VCID-4gsx-e9xa-pubs
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8203
reference_id
reference_type
scores
0
value 0.02546
scoring_system epss
scoring_elements 0.85732
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8203
2
reference_url https://github.com/github/advisory-database/pull/2884
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2884
3
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
4
reference_url https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
5
reference_url https://github.com/lodash/lodash/issues/4744
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/issues/4744
6
reference_url https://github.com/lodash/lodash/issues/4874
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/issues/4874
7
reference_url https://github.com/lodash/lodash/wiki/Changelog#v41719
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/wiki/Changelog#v41719
8
reference_url https://hackerone.com/reports/712065
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/712065
9
reference_url https://hackerone.com/reports/864701
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/864701
10
reference_url https://security.netapp.com/advisory/ntap-20200724-0006
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200724-0006
11
reference_url https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857412
reference_id 1857412
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857412
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283
reference_id 965283
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8203
reference_id CVE-2020-8203
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8203
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml
reference_id CVE-2020-8203.YML
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml
16
reference_url https://github.com/advisories/GHSA-p6mc-m468-83gw
reference_id GHSA-p6mc-m468-83gw
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p6mc-m468-83gw
17
reference_url https://access.redhat.com/errata/RHSA-2020:3369
reference_id RHSA-2020:3369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3369
18
reference_url https://access.redhat.com/errata/RHSA-2020:3370
reference_id RHSA-2020:3370
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3370
19
reference_url https://access.redhat.com/errata/RHSA-2020:3807
reference_id RHSA-2020:3807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3807
20
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
21
reference_url https://access.redhat.com/errata/RHSA-2020:5179
reference_id RHSA-2020:5179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5179
22
reference_url https://access.redhat.com/errata/RHSA-2020:5611
reference_id RHSA-2020:5611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5611
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
fixed_packages
0
url pkg:deb/debian/node-lodash@4.17.19%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.19%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.19%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.173-1%3Fdistro=trixie
2
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-9%3Fdistro=trixie
3
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2020-8203, GHSA-p6mc-m468-83gw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gsx-e9xa-pubs
2
url VCID-7gp8-4hm6-43f4
vulnerability_id VCID-7gp8-4hm6-43f4
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1010266
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.43099
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1010266
1
reference_url https://github.com/github/advisory-database/pull/6138
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/6138
2
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
3
reference_url https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347
4
reference_url https://github.com/lodash/lodash/issues/3359
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/issues/3359
5
reference_url https://github.com/lodash/lodash/wiki/Changelog
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/wiki/Changelog
6
reference_url https://security.netapp.com/advisory/ntap-20190919-0004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190919-0004
7
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-73639
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-73639
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1010266
reference_id CVE-2019-1010266
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1010266
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-1010266.yml
reference_id CVE-2019-1010266.YML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-1010266.yml
10
reference_url https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
reference_id GHSA-x5rq-j2xg-h7qm
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
fixed_packages
0
url pkg:deb/debian/node-lodash@4.17.11%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.11%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.11%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.173-1%3Fdistro=trixie
2
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-9%3Fdistro=trixie
3
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2019-1010266, GHSA-x5rq-j2xg-h7qm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gp8-4hm6-43f4
3
url VCID-mp9p-75p5-g3ep
vulnerability_id VCID-mp9p-75p5-g3ep
summary
Prototype Pollution in lodash
Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}`, adding a new property or modifying an existing one so that the change appears on all objects.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3024
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3024
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10744
reference_id
reference_type
scores
0
value 0.14845
scoring_system epss
scoring_elements 0.9463
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10744
2
reference_url https://github.com/lodash/lodash/pull/4336
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/pull/4336
3
reference_url https://security.netapp.com/advisory/ntap-20191004-0005
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191004-0005
4
reference_url https://security.netapp.com/advisory/ntap-20191004-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191004-0005/
5
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-450202
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-450202
6
reference_url https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS
7
reference_url https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
8
reference_url https://www.npmjs.com/advisories/1065
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/1065
9
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933079
reference_id 933079
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933079
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10744
reference_id CVE-2019-10744
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10744
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml
reference_id CVE-2019-10744.YML
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml
14
reference_url https://github.com/advisories/GHSA-jf85-cpcp-j695
reference_id GHSA-jf85-cpcp-j695
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jf85-cpcp-j695
fixed_packages
0
url pkg:deb/debian/node-lodash@4.17.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.15%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.173-1%3Fdistro=trixie
2
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-9%3Fdistro=trixie
3
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2019-10744, GHSA-jf85-cpcp-j695
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mp9p-75p5-g3ep
4
url VCID-tgzw-dc7b-d3ex
vulnerability_id VCID-tgzw-dc7b-d3ex
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23337
reference_id
reference_type
scores
0
value 0.04314
scoring_system epss
scoring_elements 0.8907
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23337
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
4
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
5
reference_url https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
6
reference_url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23337
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23337
9
reference_url https://security.netapp.com/advisory/ntap-20210312-0006
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210312-0006
10
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
14
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
15
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-1040724
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-1040724
16
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
17
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
18
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
19
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928937
reference_id 1928937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928937
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id 985086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
22
reference_url https://access.redhat.com/errata/RHSA-2021:2179
reference_id RHSA-2021:2179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2179
23
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
24
reference_url https://access.redhat.com/errata/RHSA-2021:2543
reference_id RHSA-2021:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2543
25
reference_url https://access.redhat.com/errata/RHSA-2021:3459
reference_id RHSA-2021:3459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3459
26
reference_url https://access.redhat.com/errata/RHSA-2022:6429
reference_id RHSA-2022:6429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6429
27
reference_url https://access.redhat.com/errata/RHSA-2026:7329
reference_id RHSA-2026:7329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7329
fixed_packages
0
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.173-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-9%3Fdistro=trixie
2
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2021-23337, GHSA-35jh-r3h4-6jhm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgzw-dc7b-d3ex
5
url VCID-whmg-sd8z-affq
vulnerability_id VCID-whmg-sd8z-affq
summary
Prototype Pollution in lodash
Versions of `lodash` before 4.17.11 are vulnerable to prototype pollution.

The vulnerable functions are `defaultsDeep`, `merge`, and `mergeWith`. They allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}`, adding or modifying a property that then exists on all objects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16487
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66689
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16487
1
reference_url https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
2
reference_url https://hackerone.com/reports/380873
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/380873
3
reference_url https://security.netapp.com/advisory/ntap-20190919-0004
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190919-0004
4
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/493.json
reference_id 493
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/493.json
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16487
reference_id CVE-2018-16487
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16487
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-16487.yml
reference_id CVE-2018-16487.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-16487.yml
7
reference_url https://github.com/advisories/GHSA-4xc9-xhrj-v574
reference_id GHSA-4xc9-xhrj-v574
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xc9-xhrj-v574
fixed_packages
0
url pkg:deb/debian/node-lodash@4.17.11%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.11%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.11%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.173-1%3Fdistro=trixie
2
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-9%3Fdistro=trixie
3
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2018-16487, GHSA-4xc9-xhrj-v574
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whmg-sd8z-affq
6
url VCID-z2g8-6vjp-hkd5
vulnerability_id VCID-z2g8-6vjp-hkd5
summary
Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions.

Steps to reproduce (provided by reporter Liyuan Chen):
```js
var lo = require('lodash');

/**
 * Build the test input used by the timing script: a "1", then `n` space
 * characters, then a closing "1".
 *
 * @param {number} n Number of spaces placed between the two "1" characters.
 * @returns {string} The assembled string (length n + 2 for a non-negative
 *     integer n).
 */
function build_blank(n) {
  var padded = "1";
  var remaining = n;
  // Append one space per iteration until the requested count is used up.
  while (remaining > 0) {
    padded = padded + " ";
    remaining--;
  }
  return padded + "1";
}
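// Timing harness from the report. The input is "1", 50000 spaces, then "1".
// Each section records the wall-clock milliseconds that one lodash call spends
// on that input. Per the advisory text, lodash versions before 4.17.21 are
// affected, so the same script run against a patched package is a quick
// regression check.
//
// Two statement pairs had been fused onto single lines ("... var time0 = ..."
// and "lo.toNumber(s) var time_cost1 = ..."), which is a syntax error; they
// are separated here.
var s = build_blank(50000);

// _.trim
var time0 = Date.now();
lo.trim(s);
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);

// _.toNumber
var time1 = Date.now();
lo.toNumber(s);
var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);

// _.trimEnd
var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);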
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28500.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28500.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28500
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.4791
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28500
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://github.com/github/advisory-database/pull/6139
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/6139
4
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
5
reference_url https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
6
reference_url https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a
7
reference_url https://github.com/lodash/lodash/pull/5065
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/pull/5065
8
reference_url https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
9
reference_url https://security.netapp.com/advisory/ntap-20210312-0006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210312-0006
10
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
14
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
15
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-1018905
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-1018905
16
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
17
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
18
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
19
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928954
reference_id 1928954
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928954
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id 985086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28500
reference_id CVE-2020-28500
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28500
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml
reference_id CVE-2020-28500.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml
24
reference_url https://github.com/advisories/GHSA-29mw-wpgm-hmr9
reference_id GHSA-29mw-wpgm-hmr9
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29mw-wpgm-hmr9
25
reference_url https://access.redhat.com/errata/RHSA-2021:2179
reference_id RHSA-2021:2179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2179
26
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
27
reference_url https://access.redhat.com/errata/RHSA-2021:2543
reference_id RHSA-2021:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2543
28
reference_url https://access.redhat.com/errata/RHSA-2021:3459
reference_id RHSA-2021:3459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3459
29
reference_url https://access.redhat.com/errata/RHSA-2022:6429
reference_id RHSA-2022:6429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6429
fixed_packages
0
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.173-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.173-1%3Fdistro=trixie
1
url pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
purl pkg:deb/debian/node-lodash@4.17.21%2Bdfsg%2B~cs8.31.198.20210220-9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jac8-95p1-quec
1
vulnerability VCID-nejn-mmy7-93gx
2
vulnerability VCID-nfd4-axkc-pye3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-9%3Fdistro=trixie
2
url pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/node-lodash@4.18.1%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.18.1%252Bdfsg-3%3Fdistro=trixie
aliases CVE-2020-28500, GHSA-29mw-wpgm-hmr9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z2g8-6vjp-hkd5
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/node-lodash@4.17.21%252Bdfsg%252B~cs8.31.198.20210220-9%3Fdistro=trixie