Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/connect@2.3.3

Type npm

Namespace

Name connect

Version 2.3.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.14.0

Latest_non_vulnerable_version 2.14.0

Affected_by_vulnerabilities

url VCID-a96c-xts2-suaq

vulnerability_id VCID-a96c-xts2-suaq

summary node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7370.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7370.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7370

reference_id

reference_type

scores

value	0.01082
scoring_system	epss
scoring_elements	0.7827
published_at	2026-06-11T12:55:00Z

value	0.01082
scoring_system	epss
scoring_elements	0.78338
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7370

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7370
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7370

reference_url

https://github.com/senchalabs/connect/commit/126187c4e12162e231b87350740045e5bb06e93a

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/senchalabs/connect/commit/126187c4e12162e231b87350740045e5bb06e93a

reference_url

https://github.com/senchalabs/connect/commit/277e5aad6a95d00f55571a9a0e11f2fa190d8135

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/senchalabs/connect/commit/277e5aad6a95d00f55571a9a0e11f2fa190d8135

reference_url

https://github.com/senchalabs/connect/issues/831

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/senchalabs/connect/issues/831

reference_url	https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting
reference_id
reference_type
scores
url	https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting

reference_url

https://www.npmjs.com/advisories/3

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/3

reference_url

http://www.openwall.com/lists/oss-security/2014/04/21/2

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/04/21/2

reference_url

http://www.openwall.com/lists/oss-security/2014/05/13/1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/05/13/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1091166
reference_id	1091166
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1091166

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/3.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/3.json

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744374
reference_id	744374
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744374

reference_url

https://access.redhat.com/security/cve/cve-2013-7370

reference_id

CVE-2013-7370

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2013-7370

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-7370

reference_id

CVE-2013-7370

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-7370

reference_url

https://security-tracker.debian.org/tracker/CVE-2013-7370

reference_id

CVE-2013-7370

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2013-7370

reference_url

https://github.com/advisories/GHSA-3fw8-66wf-pr7m

reference_id

GHSA-3fw8-66wf-pr7m

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3fw8-66wf-pr7m

fixed_packages

url pkg:npm/connect@2.8.1

purl pkg:npm/connect@2.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-db52-aadj-cfg5

vulnerability	VCID-qw3z-8hc5-9feq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/connect@2.8.1

aliases CVE-2013-7370, GHSA-3fw8-66wf-pr7m

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a96c-xts2-suaq

url VCID-db52-aadj-cfg5

vulnerability_id VCID-db52-aadj-cfg5

summary Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7371

reference_id

reference_type

scores

value	0.00579
scoring_system	epss
scoring_elements	0.69357
published_at	2026-06-11T12:55:00Z

value	0.00579
scoring_system	epss
scoring_elements	0.69448
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7371

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/92710

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/92710

reference_url

https://github.com/senchalabs/connect

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/senchalabs/connect

reference_url

https://github.com/senchalabs/connect/commit/126187c4e12162e231b87350740045e5bb06e93a

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/senchalabs/connect/commit/126187c4e12162e231b87350740045e5bb06e93a

reference_url

https://github.com/senchalabs/connect/commit/277e5aad6a95d00f55571a9a0e11f2fa190d8135

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/senchalabs/connect/commit/277e5aad6a95d00f55571a9a0e11f2fa190d8135

reference_url

https://github.com/senchalabs/connect/issues/831

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/senchalabs/connect/issues/831

reference_url

https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting

reference_url

http://www.openwall.com/lists/oss-security/2014/04/21/2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/04/21/2

reference_url

http://www.openwall.com/lists/oss-security/2014/05/13/1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/05/13/1

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/3.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/3.json

reference_url

https://access.redhat.com/security/cve/cve-2013-7371

reference_id

CVE-2013-7371

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2013-7371

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-7371

reference_id

CVE-2013-7371

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-7371

reference_url

https://security-tracker.debian.org/tracker/CVE-2013-7371

reference_id

CVE-2013-7371

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2013-7371

reference_url

https://github.com/advisories/GHSA-6w62-83g6-rfhj

reference_id

GHSA-6w62-83g6-rfhj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6w62-83g6-rfhj

fixed_packages

url pkg:npm/connect@2.8.1

purl pkg:npm/connect@2.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-db52-aadj-cfg5

vulnerability	VCID-qw3z-8hc5-9feq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/connect@2.8.1

url pkg:npm/connect@2.8.2

purl pkg:npm/connect@2.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qw3z-8hc5-9feq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/connect@2.8.2

aliases CVE-2013-7371, GHSA-6w62-83g6-rfhj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db52-aadj-cfg5

url VCID-qw3z-8hc5-9feq

vulnerability_id VCID-qw3z-8hc5-9feq

summary Cross-Site Scripting in connect

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3717.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3717.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-3717

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.56468
published_at	2026-06-11T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56587
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-3717

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3717
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3717

reference_url

https://github.com/JacksonTian/anywhere/issues/33#issuecomment-366527448

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/JacksonTian/anywhere/issues/33#issuecomment-366527448

reference_url

https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b

reference_url

https://hackerone.com/reports/309394

reference_id

reference_type

scores

value	9.6
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/309394

reference_url

https://hackerone.com/reports/309641

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/309641

reference_url

https://www.npmjs.com/advisories/584

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/584

reference_url

https://www.npmjs.com/advisories/595

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/595

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1588799
reference_id	1588799
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1588799

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/379.json

reference_id

379

reference_type

scores

value	9.6
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/379.json

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/390.json

reference_id

390

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/390.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-3717

reference_id

CVE-2018-3717

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-3717

reference_url

https://github.com/advisories/GHSA-rch9-xh7r-mqgw

reference_id

GHSA-rch9-xh7r-mqgw

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rch9-xh7r-mqgw

fixed_packages

url	pkg:npm/connect@2.14.0
purl	pkg:npm/connect@2.14.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/connect@2.14.0

aliases CVE-2018-3717, GHSA-rch9-xh7r-mqgw

risk_score 4.3

exploitability 0.5

weighted_severity 8.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qw3z-8hc5-9feq

url VCID-u1e4-9vsb-23fp

vulnerability_id VCID-u1e4-9vsb-23fp

summary

Cross-Site Scripting with connect.methodOverride()
The middleware overwrites req.method with the req.body['_method'] value. When you don't catch the error it responds with a default error msg: "Cannot [METHOD] [URL]" . Because this is not enough sanitized, you can force a Cross-Site Scripting in the response.

references

reference_url	https://github.com/senchalabs/connect/issues/831
reference_id
reference_type
scores
url	https://github.com/senchalabs/connect/issues/831

fixed_packages

url pkg:npm/connect@2.8.1

purl pkg:npm/connect@2.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-db52-aadj-cfg5

vulnerability	VCID-qw3z-8hc5-9feq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/connect@2.8.1

aliases GMS-2013-13

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1e4-9vsb-23fp

Fixing_vulnerabilities

Risk_score 4.3

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/connect@2.3.3

Package Instance