Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/nw@0.13.0-sdk
Typenpm
Namespace
Namenw
Version0.13.0-sdk
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.23.6-sdk-1
Latest_non_vulnerable_version0.26.0
Affected_by_vulnerabilities
0
url VCID-7t56-dwzc-c3gq
vulnerability_id VCID-7t56-dwzc-c3gq
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10588
reference_id
reference_type
scores
0
value 0.00863
scoring_system epss
scoring_elements 0.7547
published_at 2026-06-06T12:55:00Z
1
value 0.00863
scoring_system epss
scoring_elements 0.75473
published_at 2026-06-09T12:55:00Z
2
value 0.00863
scoring_system epss
scoring_elements 0.75447
published_at 2026-06-08T12:55:00Z
3
value 0.00863
scoring_system epss
scoring_elements 0.75461
published_at 2026-06-07T12:55:00Z
4
value 0.00863
scoring_system epss
scoring_elements 0.75437
published_at 2026-06-04T12:55:00Z
5
value 0.00863
scoring_system epss
scoring_elements 0.75467
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10588
1
reference_url https://github.com/nwjs/npm-installer/commit/adb4df1e012d38a3872578d484291b9af07aad5b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nwjs/npm-installer/commit/adb4df1e012d38a3872578d484291b9af07aad5b
2
reference_url https://nodesecurity.io/advisories/166
reference_id
reference_type
scores
url https://nodesecurity.io/advisories/166
3
reference_url https://www.npmjs.com/advisories/166
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/166
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10588
reference_id CVE-2016-10588
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10588
5
reference_url https://github.com/advisories/GHSA-hv96-xxx2-5v7w
reference_id GHSA-hv96-xxx2-5v7w
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hv96-xxx2-5v7w
fixed_packages
0
url pkg:npm/nw@0.23.6-1
purl pkg:npm/nw@0.23.6-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7t56-dwzc-c3gq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nw@0.23.6-1
1
url pkg:npm/nw@0.23.6-sdk-1
purl pkg:npm/nw@0.23.6-sdk-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nw@0.23.6-sdk-1
aliases CVE-2016-10588, GHSA-hv96-xxx2-5v7w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7t56-dwzc-c3gq
1
url VCID-hzrr-hyz1-83cd
vulnerability_id VCID-hzrr-hyz1-83cd
summary 
Downloads Resources over HTTP
nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
references
0
reference_url https://github.com/nwjs/npm-installer/blob/v0.13.0/scripts/install.js#L30
reference_id
reference_type
scores
url https://github.com/nwjs/npm-installer/blob/v0.13.0/scripts/install.js#L30
1
reference_url https://github.com/nwjs/npm-installer/commit/adb4df1e012d38a3872578d484291b9af07aad5b
reference_id
reference_type
scores
url https://github.com/nwjs/npm-installer/commit/adb4df1e012d38a3872578d484291b9af07aad5b
fixed_packages
0
url pkg:npm/nw@0.26.0
purl pkg:npm/nw@0.26.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nw@0.26.0
aliases GMS-2016-121
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzrr-hyz1-83cd
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/nw@0.13.0-sdk