Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/libxl@0.1.1

Type npm

Namespace

Name libxl

Version 0.1.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

0

url

VCID-3kae-hx32-7bdh

vulnerability_id

VCID-3kae-hx32-7bdh

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

references

0

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10585

reference_id

reference_type

scores

0

value	0.00735
scoring_system	epss
scoring_elements	0.73212
published_at	2026-06-06T12:55:00Z

1

value	0.00735
scoring_system	epss
scoring_elements	0.73168
published_at	2026-06-04T12:55:00Z

2

value	0.00735
scoring_system	epss
scoring_elements	0.73206
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10585

1

reference_url

https://github.com/DirtyHairy/node-libxl

reference_id

reference_type

scores

0

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/DirtyHairy/node-libxl

2

reference_url	https://nodesecurity.io/advisories/178
reference_id
reference_type
scores
url	https://nodesecurity.io/advisories/178

3

reference_url

https://www.npmjs.com/advisories/178

reference_id

reference_type

scores

0

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/178

4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-10585

reference_id

CVE-2016-10585

reference_type

scores

0

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-10585

5

reference_url

https://github.com/advisories/GHSA-7vrq-vg6p-32fw

reference_id

GHSA-7vrq-vg6p-32fw

reference_type

scores

0

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

1

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-7vrq-vg6p-32fw

fixed_packages

aliases

CVE-2016-10585, GHSA-7vrq-vg6p-32fw

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-3kae-hx32-7bdh

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/libxl@0.1.1