Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nodejs@12.18.0-r0?arch=armhf&distroversion=edge&reponame=main

Type apk

Namespace alpine

Name nodejs

Version 12.18.0-r0

Qualifiers

arch	armhf
distroversion	edge
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 12.18.4-r0

Latest_non_vulnerable_version 24.14.1-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-a3rs-cb5z-cbb8

vulnerability_id VCID-a3rs-cb5z-cbb8

summary TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8172.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8172.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8172

reference_id

reference_type

scores

value	0.01183
scoring_system	epss
scoring_elements	0.79111
published_at	2026-06-04T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.79138
published_at	2026-06-05T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.79143
published_at	2026-06-06T12:55:00Z

value	0.01183
scoring_system	epss
scoring_elements	0.79133
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8172

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1845247
reference_id	1845247
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1845247

reference_url	https://access.redhat.com/errata/RHSA-2020:2847
reference_id	RHSA-2020:2847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2847

reference_url	https://access.redhat.com/errata/RHSA-2020:2852
reference_id	RHSA-2020:2852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2852

reference_url	https://access.redhat.com/errata/RHSA-2020:2895
reference_id	RHSA-2020:2895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2895

fixed_packages

url	pkg:apk/alpine/nodejs@12.18.0-r0?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/nodejs@12.18.0-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.18.0-r0%3Farch=armhf&distroversion=edge&reponame=main

aliases CVE-2020-8172

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3rs-cb5z-cbb8

url VCID-dczz-4wtw-83b9

vulnerability_id VCID-dczz-4wtw-83b9

summary In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11080

reference_id

reference_type

scores

value	0.01247
scoring_system	epss
scoring_elements	0.79666
published_at	2026-06-07T12:55:00Z

value	0.01247
scoring_system	epss
scoring_elements	0.79638
published_at	2026-06-04T12:55:00Z

value	0.01247
scoring_system	epss
scoring_elements	0.79665
published_at	2026-06-05T12:55:00Z

value	0.01247
scoring_system	epss
scoring_elements	0.7967
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11080

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1844929
reference_id	1844929
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1844929

reference_url

https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090

reference_id

336a98feb0d56b9ac54e12736b18785c27f75090

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/

url

https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

reference_id

4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145
reference_id	962145
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/

reference_id

AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/

reference_url

https://www.debian.org/security/2020/dsa-4696

reference_id

dsa-4696

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/

url

https://www.debian.org/security/2020/dsa-4696

reference_url

https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394

reference_id

f8da73bd042f810f34d19f9eae02b46d870af394

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/

url

https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394

reference_url

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr

reference_id

GHSA-q5wr-xfw9-q7xr

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/

url

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr

reference_url

https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html

reference_id

msg00011.html

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/

url

https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html

reference_url	https://access.redhat.com/errata/RHSA-2020:2523
reference_id	RHSA-2020:2523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2523

reference_url	https://access.redhat.com/errata/RHSA-2020:2524
reference_id	RHSA-2020:2524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2524

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:2755
reference_id	RHSA-2020:2755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2755

reference_url	https://access.redhat.com/errata/RHSA-2020:2784
reference_id	RHSA-2020:2784
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2784

reference_url	https://access.redhat.com/errata/RHSA-2020:2823
reference_id	RHSA-2020:2823
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2823

reference_url	https://access.redhat.com/errata/RHSA-2020:2847
reference_id	RHSA-2020:2847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2847

reference_url	https://access.redhat.com/errata/RHSA-2020:2848
reference_id	RHSA-2020:2848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2848

reference_url	https://access.redhat.com/errata/RHSA-2020:2849
reference_id	RHSA-2020:2849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2849

reference_url	https://access.redhat.com/errata/RHSA-2020:2850
reference_id	RHSA-2020:2850
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2850

reference_url	https://access.redhat.com/errata/RHSA-2020:2852
reference_id	RHSA-2020:2852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2852

reference_url	https://access.redhat.com/errata/RHSA-2020:2895
reference_id	RHSA-2020:2895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2895

reference_url	https://access.redhat.com/errata/RHSA-2020:3042
reference_id	RHSA-2020:3042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3042

reference_url	https://access.redhat.com/errata/RHSA-2020:3084
reference_id	RHSA-2020:3084
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3084

reference_url	https://usn.ubuntu.com/6142-1/
reference_id	USN-6142-1
reference_type
scores
url	https://usn.ubuntu.com/6142-1/

fixed_packages

url	pkg:apk/alpine/nodejs@12.18.0-r0?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/nodejs@12.18.0-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.18.0-r0%3Farch=armhf&distroversion=edge&reponame=main

aliases CVE-2020-11080

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dczz-4wtw-83b9

url VCID-yrkf-wku1-ykbx

vulnerability_id VCID-yrkf-wku1-ykbx

summary napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8174.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8174

reference_id

reference_type

scores

value	0.01491
scoring_system	epss
scoring_elements	0.81388
published_at	2026-06-04T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81415
published_at	2026-06-05T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81418
published_at	2026-06-06T12:55:00Z

value	0.01491
scoring_system	epss
scoring_elements	0.81416
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8174

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1845256
reference_id	1845256
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1845256

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145
reference_id	962145
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145

reference_url	https://access.redhat.com/errata/RHSA-2020:2847
reference_id	RHSA-2020:2847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2847

reference_url	https://access.redhat.com/errata/RHSA-2020:2848
reference_id	RHSA-2020:2848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2848

reference_url	https://access.redhat.com/errata/RHSA-2020:2849
reference_id	RHSA-2020:2849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2849

reference_url	https://access.redhat.com/errata/RHSA-2020:2852
reference_id	RHSA-2020:2852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2852

reference_url	https://access.redhat.com/errata/RHSA-2020:2895
reference_id	RHSA-2020:2895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2895

reference_url	https://access.redhat.com/errata/RHSA-2020:3042
reference_id	RHSA-2020:3042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3042

reference_url	https://access.redhat.com/errata/RHSA-2020:3084
reference_id	RHSA-2020:3084
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3084

reference_url	https://usn.ubuntu.com/6380-1/
reference_id	USN-6380-1
reference_type
scores
url	https://usn.ubuntu.com/6380-1/

fixed_packages

url	pkg:apk/alpine/nodejs@12.18.0-r0?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/nodejs@12.18.0-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.18.0-r0%3Farch=armhf&distroversion=edge&reponame=main

aliases CVE-2020-8174

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrkf-wku1-ykbx

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@12.18.0-r0%3Farch=armhf&distroversion=edge&reponame=main

Package Instance