Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/nodemailer@6.4.14

Type npm

Namespace

Name nodemailer

Version 6.4.14

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.6.1

Latest_non_vulnerable_version 8.0.5

Affected_by_vulnerabilities

url VCID-5va3-b6xm-s3dt

vulnerability_id VCID-5va3-b6xm-s3dt

summary

Injection Vulnerability
Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending emails.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7769

reference_id

reference_type

scores

value	0.00509
scoring_system	epss
scoring_elements	0.66764
published_at	2026-06-05T12:55:00Z

value	0.00509
scoring_system	epss
scoring_elements	0.66723
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7769

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7769
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7769

reference_url

https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75

reference_url

https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js#L75

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js#L75

reference_url

https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742

reference_url

https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834

reference_url

https://www.npmjs.com/package/nodemailer

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/nodemailer

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7769

reference_id

CVE-2020-7769

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7769

fixed_packages

url pkg:npm/nodemailer@6.4.16

purl pkg:npm/nodemailer@6.4.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ggzv-yq4b-4qdk

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nodemailer@6.4.16

aliases CVE-2020-7769, GHSA-48ww-j4fc-435p

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5va3-b6xm-s3dt

url VCID-ggzv-yq4b-4qdk

vulnerability_id VCID-ggzv-yq4b-4qdk

summary

Injection Vulnerability
The package nodemailer is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23400

reference_id

reference_type

scores

value	0.00536
scoring_system	epss
scoring_elements	0.67858
published_at	2026-06-05T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67818
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23400

reference_url

https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f

reference_url

https://github.com/nodemailer/nodemailer/issues/1289

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodemailer/nodemailer/issues/1289

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737

reference_url

https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990485
reference_id	990485
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990485

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23400

reference_id

CVE-2021-23400

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23400

reference_url

https://github.com/advisories/GHSA-hwqf-gcqm-7353

reference_id

GHSA-hwqf-gcqm-7353

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hwqf-gcqm-7353

fixed_packages

url	pkg:npm/nodemailer@6.6.1
purl	pkg:npm/nodemailer@6.6.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/nodemailer@6.6.1

aliases CVE-2021-23400, GHSA-hwqf-gcqm-7353

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggzv-yq4b-4qdk

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nodemailer@6.4.14

Package Instance