Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/socket.io-parser@4.0.0

Type npm

Namespace

Name socket.io-parser

Version 4.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.2.6

Latest_non_vulnerable_version 4.2.6

Affected_by_vulnerabilities

url VCID-7m32-6wct-rffy

vulnerability_id VCID-7m32-6wct-rffy

summary Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2421

reference_id

reference_type

scores

value	0.0084
scoring_system	epss
scoring_elements	0.75156
published_at	2026-06-11T12:55:00Z

value	0.0084
scoring_system	epss
scoring_elements	0.75227
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2421

reference_url

https://csirt.divd.nl/cases/DIVD-2022-00045

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://csirt.divd.nl/cases/DIVD-2022-00045

reference_url

https://github.com/socketio/socket.io-parser

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/socketio/socket.io-parser

reference_url

https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14

reference_url

https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4

reference_url

https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050

reference_url

https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983

reference_url

https://csirt.divd.nl/CVE-2022-2421

reference_id

CVE-2022-2421

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-20T14:40:01Z/

url

https://csirt.divd.nl/CVE-2022-2421

reference_url

https://csirt.divd.nl/cves/CVE-2022-2421

reference_id

CVE-2022-2421

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://csirt.divd.nl/cves/CVE-2022-2421

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2421

reference_id

CVE-2022-2421

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2421

reference_url

https://csirt.divd.nl/DIVD-2022-00045

reference_id

DIVD-2022-00045

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-20T14:40:01Z/

url

https://csirt.divd.nl/DIVD-2022-00045

reference_url

https://github.com/advisories/GHSA-qm95-pgcg-qqfq

reference_id

GHSA-qm95-pgcg-qqfq

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qm95-pgcg-qqfq

fixed_packages

url pkg:npm/socket.io-parser@4.0.5

purl pkg:npm/socket.io-parser@4.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7m32-6wct-rffy

vulnerability	VCID-9r7z-mdtu-s7f4

vulnerability	VCID-vawq-jsk5-n3gq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/socket.io-parser@4.0.5

url pkg:npm/socket.io-parser@4.2.1

purl pkg:npm/socket.io-parser@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9r7z-mdtu-s7f4

vulnerability	VCID-vawq-jsk5-n3gq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/socket.io-parser@4.2.1

aliases CVE-2022-2421, GHSA-qm95-pgcg-qqfq

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m32-6wct-rffy

url VCID-9r7z-mdtu-s7f4

vulnerability_id VCID-9r7z-mdtu-s7f4

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33151.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33151.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33151

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.16405
published_at	2026-06-11T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.1655
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33151

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/socketio/socket.io

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/socketio/socket.io

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33151

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33151

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131477
reference_id	1131477
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131477

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2449789
reference_id	2449789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2449789

reference_url

https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4

reference_id

719f9ebab0772ffb882bd614b387e585c1aa75d4

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:50:08Z/

url

https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4

reference_url

https://github.com/socketio/socket.io/commit/9d39f1f080510f036782f2177fac701cc041faaf

reference_id

9d39f1f080510f036782f2177fac701cc041faaf

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:50:08Z/

url

https://github.com/socketio/socket.io/commit/9d39f1f080510f036782f2177fac701cc041faaf

reference_url

https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78

reference_id

b25738c416c4e32fbff62ee182afa8f6d0dacf78

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:50:08Z/

url

https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78

reference_url

https://github.com/advisories/GHSA-677m-j7p3-52f9

reference_id

GHSA-677m-j7p3-52f9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-677m-j7p3-52f9

reference_url

https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9

reference_id

GHSA-677m-j7p3-52f9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:50:08Z/

url

https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9

fixed_packages

url	pkg:npm/socket.io-parser@4.2.6
purl	pkg:npm/socket.io-parser@4.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/socket.io-parser@4.2.6

aliases CVE-2026-33151, GHSA-677m-j7p3-52f9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9r7z-mdtu-s7f4

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/socket.io-parser@4.0.0

Package Instance