Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40theia/preview@0.12.0-next.8814c201
Typenpm
Namespace@theia
Namepreview
Version0.12.0-next.8814c201
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.18.0
Latest_non_vulnerable_version1.18.0
Affected_by_vulnerabilities
0
url VCID-2qpa-9hq8-w7bc
vulnerability_id VCID-2qpa-9hq8-w7bc
summary 
Insufficient Verification of Data Authenticity
The @theia/plugin-ext component of Eclipse Theia, Webview contents can be hijacked via `postMessage()`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41038
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.33978
published_at 2026-06-07T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.33967
published_at 2026-06-09T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.33944
published_at 2026-06-08T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.34011
published_at 2026-06-06T12:55:00Z
4
value 0.00141
scoring_system epss
scoring_elements 0.33894
published_at 2026-06-04T12:55:00Z
5
value 0.00141
scoring_system epss
scoring_elements 0.33996
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41038
1
reference_url https://bugs.eclipse.org/bugs/show_bug.cgi?id=575924
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.eclipse.org/bugs/show_bug.cgi?id=575924
2
reference_url https://github.com/eclipse-theia/theia
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia
3
reference_url https://github.com/eclipse-theia/theia/pull/10125
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/pull/10125
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41038
reference_id CVE-2021-41038
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41038
5
reference_url https://github.com/advisories/GHSA-w6v7-w58j-pg5r
reference_id GHSA-w6v7-w58j-pg5r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w6v7-w58j-pg5r
fixed_packages
0
url pkg:npm/%40theia/preview@1.18.0
purl pkg:npm/%40theia/preview@1.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/preview@1.18.0
aliases CVE-2021-41038, GHSA-w6v7-w58j-pg5r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qpa-9hq8-w7bc
1
url VCID-dzh9-83r1-97c4
vulnerability_id VCID-dzh9-83r1-97c4
summary 
Inclusion of Functionality from Untrusted Control Sphere
In Eclipse Theia versions up to and including, in the notification messages there is no HTML escaping, so Javascript code can run.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28162
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3828
published_at 2026-06-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38324
published_at 2026-06-09T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38314
published_at 2026-06-08T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38343
published_at 2026-06-07T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38371
published_at 2026-06-06T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38368
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28162
1
reference_url https://github.com/eclipse-theia/theia/blob/master/CHANGELOG.md#v100---26032020
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/blob/master/CHANGELOG.md#v100---26032020
2
reference_url https://github.com/eclipse-theia/theia/issues/7283
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/issues/7283
3
reference_url https://github.com/eclipse-theia/theia/pull/7289
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/pull/7289
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28162
reference_id CVE-2021-28162
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28162
5
reference_url https://github.com/advisories/GHSA-c94v-8fff-73ph
reference_id GHSA-c94v-8fff-73ph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c94v-8fff-73ph
fixed_packages
0
url pkg:npm/%40theia/preview@0.16.1
purl pkg:npm/%40theia/preview@0.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qpa-9hq8-w7bc
1
vulnerability VCID-s7ee-p5x1-1qfb
2
vulnerability VCID-shkb-61xx-nkan
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/preview@0.16.1
1
url pkg:npm/%40theia/preview@0.17.0-next.715cda98
purl pkg:npm/%40theia/preview@0.17.0-next.715cda98
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qpa-9hq8-w7bc
1
vulnerability VCID-s7ee-p5x1-1qfb
2
vulnerability VCID-shkb-61xx-nkan
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/preview@0.17.0-next.715cda98
aliases CVE-2021-28162, GHSA-c94v-8fff-73ph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzh9-83r1-97c4
2
url VCID-s7ee-p5x1-1qfb
vulnerability_id VCID-s7ee-p5x1-1qfb
summary 
Cross-site Scripting
In Eclipse Theia versions up to and including, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28161
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42117
published_at 2026-06-09T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42087
published_at 2026-06-04T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42161
published_at 2026-06-05T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42171
published_at 2026-06-06T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.42143
published_at 2026-06-07T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.42108
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28161
1
reference_url https://github.com/eclipse-theia/theia/issues/8794
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/issues/8794
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28161
reference_id CVE-2021-28161
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28161
3
reference_url https://github.com/advisories/GHSA-cwg9-c9cr-p5fq
reference_id GHSA-cwg9-c9cr-p5fq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cwg9-c9cr-p5fq
fixed_packages
0
url pkg:npm/%40theia/preview@1.8.1
purl pkg:npm/%40theia/preview@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qpa-9hq8-w7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/preview@1.8.1
1
url pkg:npm/%40theia/preview@1.9.0
purl pkg:npm/%40theia/preview@1.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qpa-9hq8-w7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/preview@1.9.0
aliases CVE-2021-28161, GHSA-cwg9-c9cr-p5fq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s7ee-p5x1-1qfb
3
url VCID-shkb-61xx-nkan
vulnerability_id VCID-shkb-61xx-nkan
summary 
Cross-site Scripting
The Markdown Preview can be exploited to execute arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27224
reference_id
reference_type
scores
0
value 0.009
scoring_system epss
scoring_elements 0.7605
published_at 2026-06-08T12:55:00Z
1
value 0.009
scoring_system epss
scoring_elements 0.76075
published_at 2026-06-09T12:55:00Z
2
value 0.009
scoring_system epss
scoring_elements 0.76072
published_at 2026-06-06T12:55:00Z
3
value 0.009
scoring_system epss
scoring_elements 0.76047
published_at 2026-06-04T12:55:00Z
4
value 0.009
scoring_system epss
scoring_elements 0.76064
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27224
1
reference_url https://github.com/eclipse-theia/theia/issues/7954
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/issues/7954
2
reference_url https://github.com/eclipse-theia/theia/pull/7971
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/pull/7971
3
reference_url https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd
4
reference_url https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/
reference_id
reference_type
scores
url https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27224
reference_id CVE-2020-27224
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27224
6
reference_url https://github.com/advisories/GHSA-gcm9-cc3r-c6vj
reference_id GHSA-gcm9-cc3r-c6vj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gcm9-cc3r-c6vj
fixed_packages
0
url pkg:npm/%40theia/preview@1.3.0-next.60437227
purl pkg:npm/%40theia/preview@1.3.0-next.60437227
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qpa-9hq8-w7bc
1
vulnerability VCID-s7ee-p5x1-1qfb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/preview@1.3.0-next.60437227
1
url pkg:npm/%40theia/preview@1.3.0
purl pkg:npm/%40theia/preview@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qpa-9hq8-w7bc
1
vulnerability VCID-s7ee-p5x1-1qfb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/preview@1.3.0
aliases CVE-2020-27224, GHSA-gcm9-cc3r-c6vj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shkb-61xx-nkan
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/preview@0.12.0-next.8814c201