Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40cap-js/postgres@2.3.0
Type npm
Namespace @cap-js
Name postgres
Version 2.3.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-uc8t-1eay-4yfu
vulnerability_id VCID-uc8t-1eay-4yfu
summary Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)
references
0
reference_url https://github.com/cap-js/cds-dbs
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cap-js/cds-dbs
1
reference_url https://me.sap.com/notes/3747787
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://me.sap.com/notes/3747787
2
reference_url https://www.sap.com/documents/2026/05/8203a8b9-4d7f-0010-bca6-c68f7e60039b.html
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.sap.com/documents/2026/05/8203a8b9-4d7f-0010-bca6-c68f7e60039b.html
3
reference_url https://www.stepsecurity.io/blog/a-mini-shai-hulud-has-appeared
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.stepsecurity.io/blog/a-mini-shai-hulud-has-appeared
4
reference_url https://github.com/advisories/GHSA-pvw4-cvr4-97p8
reference_id GHSA-pvw4-cvr4-97p8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pvw4-cvr4-97p8
5
reference_url https://github.com/cap-js/cds-dbs/security/advisories/GHSA-pvw4-cvr4-97p8
reference_id GHSA-pvw4-cvr4-97p8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cap-js/cds-dbs/security/advisories/GHSA-pvw4-cvr4-97p8
fixed_packages
0
url pkg:npm/%40cap-js/postgres@2.3.0
purl pkg:npm/%40cap-js/postgres@2.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540cap-js/postgres@2.3.0
aliases CVE-2026-46421, GHSA-pvw4-cvr4-97p8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uc8t-1eay-4yfu
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540cap-js/postgres@2.3.0