Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nodejs@0?arch=x86&distroversion=v3.16&reponame=main

Type apk

Namespace alpine

Name nodejs

Version 0

Qualifiers

arch	x86
distroversion	v3.16
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.11.1-r0

Latest_non_vulnerable_version 16.20.2-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-7tpb-9zrz-e7e1

vulnerability_id VCID-7tpb-9zrz-e7e1

summary Multiple vulnerabilities have been discovered in Node.js.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32212

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19983
published_at	2026-04-02T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20041
published_at	2026-04-04T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19768
published_at	2026-04-07T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19848
published_at	2026-04-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19901
published_at	2026-04-09T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19911
published_at	2026-04-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19867
published_at	2026-04-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19809
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105422
reference_id	2105422
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105422

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6389
reference_id	RHSA-2022:6389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6389

reference_url	https://access.redhat.com/errata/RHSA-2022:6448
reference_id	RHSA-2022:6448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6448

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2022:6985
reference_id	RHSA-2022:6985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6985

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:apk/alpine/nodejs@0?arch=x86&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/nodejs@0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@0%3Farch=x86&distroversion=v3.16&reponame=main

aliases CVE-2022-32212

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-9zrz-e7e1

url VCID-pqzm-ped7-vkff

vulnerability_id VCID-pqzm-ped7-vkff

summary

Improper Input Validation
Next handling invalid or malformed URLs could lead to a server crash. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43803

reference_id

reference_type

scores

value	0.0218
scoring_system	epss
scoring_elements	0.84281
published_at	2026-04-01T12:55:00Z

value	0.0218
scoring_system	epss
scoring_elements	0.84349
published_at	2026-04-13T12:55:00Z

value	0.0218
scoring_system	epss
scoring_elements	0.84353
published_at	2026-04-12T12:55:00Z

value	0.0218
scoring_system	epss
scoring_elements	0.8436
published_at	2026-04-11T12:55:00Z

value	0.0218
scoring_system	epss
scoring_elements	0.84342
published_at	2026-04-09T12:55:00Z

value	0.0218
scoring_system	epss
scoring_elements	0.84337
published_at	2026-04-08T12:55:00Z

value	0.0218
scoring_system	epss
scoring_elements	0.84315
published_at	2026-04-07T12:55:00Z

value	0.0218
scoring_system	epss
scoring_elements	0.84314
published_at	2026-04-04T12:55:00Z

value	0.0218
scoring_system	epss
scoring_elements	0.84294
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43803

reference_url

https://github.com/vercel/next.js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/vercel/next.js

reference_url

https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264

reference_url

https://github.com/vercel/next.js/pull/32080

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/vercel/next.js/pull/32080

reference_url

https://github.com/vercel/next.js/releases/tag/v11.1.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/vercel/next.js/releases/tag/v11.1.3

reference_url

https://github.com/vercel/next.js/releases/v12.0.5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/vercel/next.js/releases/v12.0.5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-43803

reference_id

CVE-2021-43803

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43803

reference_url

https://github.com/advisories/GHSA-25mp-g6fv-mqxx

reference_id

GHSA-25mp-g6fv-mqxx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-25mp-g6fv-mqxx

reference_url

https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx

reference_id

GHSA-25mp-g6fv-mqxx

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx

fixed_packages

url	pkg:apk/alpine/nodejs@0?arch=x86&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/nodejs@0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@0%3Farch=x86&distroversion=v3.16&reponame=main

aliases CVE-2021-43803, GHSA-25mp-g6fv-mqxx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqzm-ped7-vkff

url VCID-tpck-fwrj-ruaq

vulnerability_id VCID-tpck-fwrj-ruaq

summary Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32223

reference_id

reference_type

scores

value	0.06141
scoring_system	epss
scoring_elements	0.90818
published_at	2026-04-13T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90772
published_at	2026-04-02T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90783
published_at	2026-04-04T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90793
published_at	2026-04-07T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90804
published_at	2026-04-08T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90811
published_at	2026-04-09T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.90819
published_at	2026-04-11T12:55:00Z

value	0.06141
scoring_system	epss
scoring_elements	0.9082
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32223

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

fixed_packages

url	pkg:apk/alpine/nodejs@0?arch=x86&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/nodejs@0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@0%3Farch=x86&distroversion=v3.16&reponame=main

aliases CVE-2022-32223

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpck-fwrj-ruaq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@0%3Farch=x86&distroversion=v3.16&reponame=main

Package Instance