Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/forms@0.7.0

Type npm

Namespace

Name forms

Version 0.7.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.2.1

Latest_non_vulnerable_version 1.3.2

Affected_by_vulnerabilities

url VCID-1scz-cjfg-cqbw

vulnerability_id VCID-1scz-cjfg-cqbw

summary

XSS Vulnerability
Forms did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting

references

reference_url	https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d
reference_id
reference_type
scores
url	https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d

fixed_packages

url pkg:npm/forms@1.3.0

purl pkg:npm/forms@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dnxp-jqjq-g7b8

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/forms@1.3.0

aliases GMS-2017-125

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1scz-cjfg-cqbw

url VCID-dnxp-jqjq-g7b8

vulnerability_id VCID-dnxp-jqjq-g7b8

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23388

reference_id

reference_type

scores

value	0.00372
scoring_system	epss
scoring_elements	0.59359
published_at	2026-06-11T12:55:00Z

value	0.00372
scoring_system	epss
scoring_elements	0.59469
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23388

reference_url

https://github.com/caolan/forms/pull/214

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/caolan/forms/pull/214

reference_url

https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23388

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23388

reference_url

https://snyk.io/vuln/SNYK-JS-FORMS-1296389

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-FORMS-1296389

reference_url

https://github.com/advisories/GHSA-c56f-grv3-gpfr

reference_id

GHSA-c56f-grv3-gpfr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c56f-grv3-gpfr

fixed_packages

url	pkg:npm/forms@1.2.1
purl	pkg:npm/forms@1.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/forms@1.2.1

url	pkg:npm/forms@1.3.2
purl	pkg:npm/forms@1.3.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/forms@1.3.2

aliases CVE-2021-23388, GHSA-c56f-grv3-gpfr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dnxp-jqjq-g7b8

url VCID-gkjn-1nbc-jydj

vulnerability_id VCID-gkjn-1nbc-jydj

summary Cross-Site Scripting in forms

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16015

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.47527
published_at	2026-06-11T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47668
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16015

reference_url

https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d

reference_url

https://www.npmjs.com/advisories/158

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/158

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16015

reference_id

CVE-2017-16015

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16015

reference_url

https://github.com/advisories/GHSA-vwjj-2852-3765

reference_id

GHSA-vwjj-2852-3765

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-vwjj-2852-3765

fixed_packages

url pkg:npm/forms@1.3.0

purl pkg:npm/forms@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dnxp-jqjq-g7b8

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/forms@1.3.0

aliases CVE-2017-16015, GHSA-vwjj-2852-3765

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkjn-1nbc-jydj

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/forms@0.7.0

Package Instance