Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/rsshub@1.0.0-master.2ca56e8
Typenpm
Namespace
Namersshub
Version1.0.0-master.2ca56e8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.0.0-master.a429472
Latest_non_vulnerable_version1.0.0-master.e2a57e4
Affected_by_vulnerabilities
0
url VCID-gb6h-xzdu-63g6
vulnerability_id VCID-gb6h-xzdu-63g6
summary 
Denial of Service (DoS) vulnerability in RSSHub
### Impact

Passing some special values to the `filter` and `filterout` parameters can cause an abnormally high CPU. Impact on the performance of the servers and RSSHub services.

### Patches

It is fixed in 5c4177441417b44a6e45c3c63e9eac2504abeb5b , please update to this or the later versions as soon as possible.

### References

Full report: https://github.com/DIYgod/RSSHub/issues/10045

### For more information

If you have any questions or comments about this advisory:
* Open an issue in <https://github.com/DIYgod/RSSHub/issues>
* Email us at [i@diygod.me](mailto:i@diygod.me)

### Credits

@Rongronggg9
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31110
reference_id
reference_type
scores
0
value 0.00557
scoring_system epss
scoring_elements 0.68587
published_at 2026-06-05T12:55:00Z
1
value 0.00557
scoring_system epss
scoring_elements 0.68545
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31110
1
reference_url https://github.com/DIYgod/RSSHub
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub
2
reference_url https://github.com/DIYgod/RSSHub/commit/4671720f4c5e1aaaad8fcc1dce684b6546baf2ff
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub/commit/4671720f4c5e1aaaad8fcc1dce684b6546baf2ff
3
reference_url https://github.com/DIYgod/RSSHub/commit/5c4177441417b44a6e45c3c63e9eac2504abeb5b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:33Z/
url https://github.com/DIYgod/RSSHub/commit/5c4177441417b44a6e45c3c63e9eac2504abeb5b
4
reference_url https://github.com/DIYgod/RSSHub/issues/10045
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:33Z/
url https://github.com/DIYgod/RSSHub/issues/10045
5
reference_url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-jvxx-v45p-v5vf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:33Z/
url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-jvxx-v45p-v5vf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31110
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31110
7
reference_url https://github.com/advisories/GHSA-jvxx-v45p-v5vf
reference_id GHSA-jvxx-v45p-v5vf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvxx-v45p-v5vf
fixed_packages
aliases CVE-2022-31110, GHSA-jvxx-v45p-v5vf, GMS-2022-2614
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gb6h-xzdu-63g6
1
url VCID-syn8-e3ey-9baw
vulnerability_id VCID-syn8-e3ey-9baw
summary 
Injection Vulnerability
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub, there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21278
reference_id
reference_type
scores
0
value 0.00451
scoring_system epss
scoring_elements 0.64075
published_at 2026-06-05T12:55:00Z
1
value 0.00451
scoring_system epss
scoring_elements 0.64033
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21278
1
reference_url https://github.com/DIYgod/RSSHub
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub
2
reference_url https://github.com/DIYgod/RSSHub/commit/7f1c43094e8a82e4d8f036ff7d42568fed00699d
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub/commit/7f1c43094e8a82e4d8f036ff7d42568fed00699d
3
reference_url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-pgjj-866w-fc5c
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-pgjj-866w-fc5c
4
reference_url https://www.npmjs.com/package/rsshub
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/rsshub
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21278
reference_id CVE-2021-21278
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21278
fixed_packages
0
url pkg:npm/rsshub@1.0.0-master.bda9d72
purl pkg:npm/rsshub@1.0.0-master.bda9d72
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gb6h-xzdu-63g6
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.bda9d72
aliases CVE-2021-21278, GHSA-pgjj-866w-fc5c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-syn8-e3ey-9baw
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.2ca56e8