Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40node-red/runtime@0.20.2
Type npm
Namespace @node-red
Name runtime
Version 0.20.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.2.8
Latest_non_vulnerable_version 1.2.8
Affected_by_vulnerabilities
0
url VCID-h7v4-5z1t-aqbk
vulnerability_id VCID-h7v4-5z1t-aqbk
summary
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object, with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the release. A workaround is to ensure only authorized users are able to access the editor URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21297
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45892
published_at 2026-06-04T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45929
published_at 2026-06-09T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.45917
published_at 2026-06-08T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.45943
published_at 2026-06-07T12:55:00Z
4
value 0.0023
scoring_system epss
scoring_elements 0.45964
published_at 2026-06-06T12:55:00Z
5
value 0.0023
scoring_system epss
scoring_elements 0.4596
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21297
1
reference_url https://github.com/node-red/node-red
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-red/node-red
2
reference_url https://github.com/node-red/node-red/releases/tag/1.2.8
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-red/node-red/releases/tag/1.2.8
3
reference_url https://www.npmjs.com/package/@node-red/editor-api
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@node-red/editor-api
4
reference_url https://www.npmjs.com/package/@node-red/runtime
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@node-red/runtime
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21297
reference_id CVE-2021-21297
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21297
6
reference_url https://github.com/advisories/GHSA-xp9c-82x8-7f67
reference_id GHSA-xp9c-82x8-7f67
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xp9c-82x8-7f67
7
reference_url https://github.com/node-red/node-red/security/advisories/GHSA-xp9c-82x8-7f67
reference_id GHSA-xp9c-82x8-7f67
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/node-red/node-red/security/advisories/GHSA-xp9c-82x8-7f67
fixed_packages
0
url pkg:npm/%40node-red/runtime@1.2.8
purl pkg:npm/%40node-red/runtime@1.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540node-red/runtime@1.2.8
aliases CVE-2021-21297, GHSA-xp9c-82x8-7f67
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7v4-5z1t-aqbk
1
url VCID-m5kp-t88v-fufu
vulnerability_id VCID-m5kp-t88v-fufu
summary
Path Traversal
Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is able to access any file via the Projects API. The vulnerability applies only to the Projects feature, which is not enabled by default in Node-RED. The primary workaround is to not give untrusted users read access to the Node-RED editor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21298
reference_id
reference_type
scores
0
value 0.00365
scoring_system epss
scoring_elements 0.58864
published_at 2026-06-09T12:55:00Z
1
value 0.00365
scoring_system epss
scoring_elements 0.5882
published_at 2026-06-04T12:55:00Z
2
value 0.00365
scoring_system epss
scoring_elements 0.58866
published_at 2026-06-05T12:55:00Z
3
value 0.00365
scoring_system epss
scoring_elements 0.58872
published_at 2026-06-06T12:55:00Z
4
value 0.00365
scoring_system epss
scoring_elements 0.58865
published_at 2026-06-07T12:55:00Z
5
value 0.00365
scoring_system epss
scoring_elements 0.58849
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21298
1
reference_url https://github.com/node-red/node-red/commit/74db3e17d075f23d9c95d7871586cf461524c456
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/node-red/node-red/commit/74db3e17d075f23d9c95d7871586cf461524c456
2
reference_url https://github.com/node-red/node-red/releases/tag/1.2.8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/node-red/node-red/releases/tag/1.2.8
3
reference_url https://www.npmjs.com/package/@node-red/runtime
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@node-red/runtime
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21298
reference_id CVE-2021-21298
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21298
5
reference_url https://github.com/advisories/GHSA-m33v-338h-4v9f
reference_id GHSA-m33v-338h-4v9f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m33v-338h-4v9f
6
reference_url https://github.com/node-red/node-red/security/advisories/GHSA-m33v-338h-4v9f
reference_id GHSA-m33v-338h-4v9f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/node-red/node-red/security/advisories/GHSA-m33v-338h-4v9f
fixed_packages
0
url pkg:npm/%40node-red/runtime@1.2.8
purl pkg:npm/%40node-red/runtime@1.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540node-red/runtime@1.2.8
aliases CVE-2021-21298, GHSA-m33v-338h-4v9f
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5kp-t88v-fufu
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540node-red/runtime@0.20.2