Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/vue-i18n@9.14.3
Typenpm
Namespace
Namevue-i18n
Version9.14.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.14.5
Latest_non_vulnerable_version12.0.0-alpha.1
Affected_by_vulnerabilities
0
url VCID-gd4n-e4q3-mufa
vulnerability_id VCID-gd4n-e4q3-mufa
summary Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fails to prevent execution of certain tag-based payloads, such as <img src=x onerror=...>, if the interpolated value is inserted inside an HTML context using v-html. This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html. Versions 9.14.5, 10.0.8, and 11.1.0 contain a fix for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53892
reference_id
reference_type
scores
0
value 0.00586
scoring_system epss
scoring_elements 0.69573
published_at 2026-06-11T12:55:00Z
1
value 0.00586
scoring_system epss
scoring_elements 0.69674
published_at 2026-06-14T12:55:00Z
2
value 0.00586
scoring_system epss
scoring_elements 0.69676
published_at 2026-06-13T12:55:00Z
3
value 0.00586
scoring_system epss
scoring_elements 0.69663
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53892
1
reference_url https://github.com/intlify/vue-i18n
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/intlify/vue-i18n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53892
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53892
3
reference_url https://github.com/intlify/vue-i18n/pull/2229
reference_id 2229
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T14:58:31Z/
url https://github.com/intlify/vue-i18n/pull/2229
4
reference_url https://github.com/intlify/vue-i18n/pull/2230
reference_id 2230
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T14:58:31Z/
url https://github.com/intlify/vue-i18n/pull/2230
5
reference_url https://github.com/intlify/vue-i18n/commit/49f982443ab8fd94ecc427b265ce97d57df94d7e
reference_id 49f982443ab8fd94ecc427b265ce97d57df94d7e
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T14:58:31Z/
url https://github.com/intlify/vue-i18n/commit/49f982443ab8fd94ecc427b265ce97d57df94d7e
6
reference_url https://github.com/intlify/vue-i18n/commit/a47099619fb9b256e86341a8658ebe72e92ab099
reference_id a47099619fb9b256e86341a8658ebe72e92ab099
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T14:58:31Z/
url https://github.com/intlify/vue-i18n/commit/a47099619fb9b256e86341a8658ebe72e92ab099
7
reference_url https://github.com/advisories/GHSA-x8qp-wqqm-57ph
reference_id GHSA-x8qp-wqqm-57ph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x8qp-wqqm-57ph
8
reference_url https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph
reference_id GHSA-x8qp-wqqm-57ph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T14:58:31Z/
url https://github.com/intlify/vue-i18n/security/advisories/GHSA-x8qp-wqqm-57ph
9
reference_url https://github.com/intlify/vue-i18n/releases/tag/v10.0.8
reference_id v10.0.8
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T14:58:31Z/
url https://github.com/intlify/vue-i18n/releases/tag/v10.0.8
10
reference_url https://github.com/intlify/vue-i18n/releases/tag/v11.1.10
reference_id v11.1.10
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T14:58:31Z/
url https://github.com/intlify/vue-i18n/releases/tag/v11.1.10
11
reference_url https://github.com/intlify/vue-i18n/releases/tag/v9.14.5
reference_id v9.14.5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-22T14:58:31Z/
url https://github.com/intlify/vue-i18n/releases/tag/v9.14.5
fixed_packages
0
url pkg:npm/vue-i18n@9.14.5
purl pkg:npm/vue-i18n@9.14.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@9.14.5
1
url pkg:npm/vue-i18n@10.0.0-alpha.1
purl pkg:npm/vue-i18n@10.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rnpx-k35u-uqd2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@10.0.0-alpha.1
2
url pkg:npm/vue-i18n@10.0.8
purl pkg:npm/vue-i18n@10.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@10.0.8
3
url pkg:npm/vue-i18n@11.0.0-beta.0
purl pkg:npm/vue-i18n@11.0.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rnpx-k35u-uqd2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@11.0.0-beta.0
4
url pkg:npm/vue-i18n@11.1.10
purl pkg:npm/vue-i18n@11.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@11.1.10
5
url pkg:npm/vue-i18n@12.0.0-alpha.1
purl pkg:npm/vue-i18n@12.0.0-alpha.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@12.0.0-alpha.1
aliases CVE-2025-53892, GHSA-x8qp-wqqm-57ph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gd4n-e4q3-mufa
Fixing_vulnerabilities
0
url VCID-rnpx-k35u-uqd2
vulnerability_id VCID-rnpx-k35u-uqd2
summary Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27597
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39717
published_at 2026-06-14T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39702
published_at 2026-06-12T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39727
published_at 2026-06-13T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39532
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27597
1
reference_url https://github.com/intlify/vue-i18n
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/intlify/vue-i18n
2
reference_url https://github.com/intlify/vue-i18n/commit/d21e06a7440eed8ada7f522b22fcf830b98d3a53
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/intlify/vue-i18n/commit/d21e06a7440eed8ada7f522b22fcf830b98d3a53
3
reference_url https://github.com/intlify/vue-i18n/commit/fbda9988d3ddd3a1a21740d506d2c183d6b6e36a
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/intlify/vue-i18n/commit/fbda9988d3ddd3a1a21740d506d2c183d6b6e36a
4
reference_url https://github.com/intlify/vue-i18n/commit/feaf13fcff427f2cb1d5ec8076e639506ba28f9e
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/intlify/vue-i18n/commit/feaf13fcff427f2cb1d5ec8076e639506ba28f9e
5
reference_url https://github.com/intlify/vue-i18n/releases/tag/v10.0.6
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/intlify/vue-i18n/releases/tag/v10.0.6
6
reference_url https://github.com/intlify/vue-i18n/releases/tag/v11.1.2
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/intlify/vue-i18n/releases/tag/v11.1.2
7
reference_url https://github.com/intlify/vue-i18n/releases/tag/v9.14.3
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/intlify/vue-i18n/releases/tag/v9.14.3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27597
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27597
9
reference_url https://github.com/intlify/vue-i18n/commit/4bb6eacda7fc2cde5687549afa0efb27ca40862a
reference_id 4bb6eacda7fc2cde5687549afa0efb27ca40862a
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-07T17:59:31Z/
url https://github.com/intlify/vue-i18n/commit/4bb6eacda7fc2cde5687549afa0efb27ca40862a
10
reference_url https://github.com/advisories/GHSA-p2ph-7g93-hw3m
reference_id GHSA-p2ph-7g93-hw3m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2ph-7g93-hw3m
11
reference_url https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m
reference_id GHSA-p2ph-7g93-hw3m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-07T17:59:31Z/
url https://github.com/intlify/vue-i18n/security/advisories/GHSA-p2ph-7g93-hw3m
fixed_packages
0
url pkg:npm/vue-i18n@9.14.3
purl pkg:npm/vue-i18n@9.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gd4n-e4q3-mufa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@9.14.3
1
url pkg:npm/vue-i18n@10.0.6
purl pkg:npm/vue-i18n@10.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gd4n-e4q3-mufa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@10.0.6
2
url pkg:npm/vue-i18n@11.1.2
purl pkg:npm/vue-i18n@11.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gd4n-e4q3-mufa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@11.1.2
aliases CVE-2025-27597, GHSA-p2ph-7g93-hw3m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnpx-k35u-uqd2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/vue-i18n@9.14.3