Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
Typeapk
Namespacealpine
Namenodejs-current
Version11.3.0-r0
Qualifiers
arch x86_64
distroversion v3.22
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version11.10.1-r0
Latest_non_vulnerable_version21.7.2-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7qvb-vmm3-eud8
vulnerability_id VCID-7qvb-vmm3-eud8
summary The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0735.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0735.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0735
reference_id
reference_type
scores
0
value 0.04803
scoring_system epss
scoring_elements 0.89694
published_at 2026-06-07T12:55:00Z
1
value 0.04803
scoring_system epss
scoring_elements 0.89676
published_at 2026-06-04T12:55:00Z
2
value 0.04803
scoring_system epss
scoring_elements 0.89693
published_at 2026-06-05T12:55:00Z
3
value 0.04803
scoring_system epss
scoring_elements 0.89695
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0735
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1644356
reference_id 1644356
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1644356
9
reference_url https://security.archlinux.org/ASA-201812-5
reference_id ASA-201812-5
reference_type
scores
url https://security.archlinux.org/ASA-201812-5
10
reference_url https://security.archlinux.org/ASA-201812-6
reference_id ASA-201812-6
reference_type
scores
url https://security.archlinux.org/ASA-201812-6
11
reference_url https://security.archlinux.org/AVG-792
reference_id AVG-792
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-792
12
reference_url https://security.archlinux.org/AVG-793
reference_id AVG-793
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-793
13
reference_url https://access.redhat.com/errata/RHSA-2019:0483
reference_id RHSA-2019:0483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0483
14
reference_url https://access.redhat.com/errata/RHSA-2019:3700
reference_id RHSA-2019:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3700
15
reference_url https://usn.ubuntu.com/3840-1/
reference_id USN-3840-1
reference_type
scores
url https://usn.ubuntu.com/3840-1/
fixed_packages
0
url pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@11.3.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
aliases CVE-2018-0735
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qvb-vmm3-eud8
1
url VCID-ghfc-gacr-9uhq
vulnerability_id VCID-ghfc-gacr-9uhq
summary Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12121
reference_id
reference_type
scores
0
value 0.05572
scoring_system epss
scoring_elements 0.90449
published_at 2026-06-04T12:55:00Z
1
value 0.05572
scoring_system epss
scoring_elements 0.90463
published_at 2026-06-05T12:55:00Z
2
value 0.05572
scoring_system epss
scoring_elements 0.9046
published_at 2026-06-08T12:55:00Z
3
value 0.05572
scoring_system epss
scoring_elements 0.90464
published_at 2026-06-06T12:55:00Z
4
value 0.05572
scoring_system epss
scoring_elements 0.90461
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12121
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1661002
reference_id 1661002
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1661002
5
reference_url https://access.redhat.com/errata/RHSA-2019:2258
reference_id RHSA-2019:2258
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2258
6
reference_url https://access.redhat.com/errata/RHSA-2019:2939
reference_id RHSA-2019:2939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2939
7
reference_url https://access.redhat.com/errata/RHSA-2019:3497
reference_id RHSA-2019:3497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3497
fixed_packages
0
url pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@11.3.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
aliases CVE-2018-12121
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghfc-gacr-9uhq
2
url VCID-h92z-6ze3-m3cy
vulnerability_id VCID-h92z-6ze3-m3cy
summary The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0734.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0734.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0734
reference_id
reference_type
scores
0
value 0.05057
scoring_system epss
scoring_elements 0.8996
published_at 2026-06-08T12:55:00Z
1
value 0.05057
scoring_system epss
scoring_elements 0.89948
published_at 2026-06-04T12:55:00Z
2
value 0.05057
scoring_system epss
scoring_elements 0.89964
published_at 2026-06-06T12:55:00Z
3
value 0.05057
scoring_system epss
scoring_elements 0.89961
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0734
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1644364
reference_id 1644364
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1644364
9
reference_url https://security.archlinux.org/ASA-201812-5
reference_id ASA-201812-5
reference_type
scores
url https://security.archlinux.org/ASA-201812-5
10
reference_url https://security.archlinux.org/ASA-201812-6
reference_id ASA-201812-6
reference_type
scores
url https://security.archlinux.org/ASA-201812-6
11
reference_url https://security.archlinux.org/AVG-792
reference_id AVG-792
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-792
12
reference_url https://security.archlinux.org/AVG-793
reference_id AVG-793
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-793
13
reference_url https://access.redhat.com/errata/RHSA-2019:2304
reference_id RHSA-2019:2304
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2304
14
reference_url https://access.redhat.com/errata/RHSA-2019:3700
reference_id RHSA-2019:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3700
15
reference_url https://access.redhat.com/errata/RHSA-2019:3932
reference_id RHSA-2019:3932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3932
16
reference_url https://access.redhat.com/errata/RHSA-2019:3933
reference_id RHSA-2019:3933
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3933
17
reference_url https://access.redhat.com/errata/RHSA-2019:3935
reference_id RHSA-2019:3935
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3935
18
reference_url https://usn.ubuntu.com/3840-1/
reference_id USN-3840-1
reference_type
scores
url https://usn.ubuntu.com/3840-1/
fixed_packages
0
url pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@11.3.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
aliases CVE-2018-0734
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h92z-6ze3-m3cy
3
url VCID-pk6a-xg7w-2khx
vulnerability_id VCID-pk6a-xg7w-2khx
summary Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12122.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12122
reference_id
reference_type
scores
0
value 0.02342
scoring_system epss
scoring_elements 0.85161
published_at 2026-06-04T12:55:00Z
1
value 0.02342
scoring_system epss
scoring_elements 0.85186
published_at 2026-06-05T12:55:00Z
2
value 0.02342
scoring_system epss
scoring_elements 0.85173
published_at 2026-06-08T12:55:00Z
3
value 0.02342
scoring_system epss
scoring_elements 0.8519
published_at 2026-06-06T12:55:00Z
4
value 0.02342
scoring_system epss
scoring_elements 0.85184
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12122
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12122
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1661005
reference_id 1661005
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1661005
5
reference_url https://access.redhat.com/errata/RHSA-2019:2939
reference_id RHSA-2019:2939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2939
6
reference_url https://usn.ubuntu.com/USN-4796-1/
reference_id USN-USN-4796-1
reference_type
scores
url https://usn.ubuntu.com/USN-4796-1/
fixed_packages
0
url pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@11.3.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
aliases CVE-2018-12122
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pk6a-xg7w-2khx
4
url VCID-ukw6-ufuj-37hp
vulnerability_id VCID-ukw6-ufuj-37hp
summary Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12123.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12123
reference_id
reference_type
scores
0
value 0.03942
scoring_system epss
scoring_elements 0.88549
published_at 2026-06-04T12:55:00Z
1
value 0.03942
scoring_system epss
scoring_elements 0.88566
published_at 2026-06-05T12:55:00Z
2
value 0.03942
scoring_system epss
scoring_elements 0.88567
published_at 2026-06-08T12:55:00Z
3
value 0.03942
scoring_system epss
scoring_elements 0.88569
published_at 2026-06-06T12:55:00Z
4
value 0.03942
scoring_system epss
scoring_elements 0.88568
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12123
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1661010
reference_id 1661010
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1661010
5
reference_url https://access.redhat.com/errata/RHSA-2019:2939
reference_id RHSA-2019:2939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2939
6
reference_url https://usn.ubuntu.com/USN-4796-1/
reference_id USN-USN-4796-1
reference_type
scores
url https://usn.ubuntu.com/USN-4796-1/
fixed_packages
0
url pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/nodejs-current@11.3.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@11.3.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
aliases CVE-2018-12123
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukw6-ufuj-37hp
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@11.3.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community