Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/highlight.js@10.7.3%2Bdfsg-5?distro=trixie
Typedeb
Namespacedebian
Namehighlight.js
Version10.7.3+dfsg-5
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-qrrb-v6d8-7ffu
vulnerability_id VCID-qrrb-v6d8-7ffu
summary Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. If your website or application does not render user provided data it should be unaffected. Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26237.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26237.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26237
reference_id
reference_type
scores
0
value 0.00602
scoring_system epss
scoring_elements 0.7
published_at 2026-06-11T12:55:00Z
1
value 0.00602
scoring_system epss
scoring_elements 0.70091
published_at 2026-06-12T12:55:00Z
2
value 0.00602
scoring_system epss
scoring_elements 0.70105
published_at 2026-06-13T12:55:00Z
3
value 0.00602
scoring_system epss
scoring_elements 0.70104
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26237
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26237
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26237
3
reference_url https://github.com/highlightjs/highlight.js
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/highlightjs/highlight.js
4
reference_url https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
5
reference_url https://github.com/highlightjs/highlight.js/pull/2636
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/highlightjs/highlight.js/pull/2636
6
reference_url https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx
7
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00041.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/12/msg00041.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26237
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26237
9
reference_url https://www.npmjs.com/package/highlight.js
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/highlight.js
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1901662
reference_id 1901662
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1901662
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976446
reference_id 976446
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976446
12
reference_url https://github.com/advisories/GHSA-vfrc-7r7c-w9mx
reference_id GHSA-vfrc-7r7c-w9mx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfrc-7r7c-w9mx
13
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
14
reference_url https://usn.ubuntu.com/8276-1/
reference_id USN-8276-1
reference_type
scores
url https://usn.ubuntu.com/8276-1/
fixed_packages
0
url pkg:deb/debian/highlight.js@9.18.1%2Bdfsg1-3?distro=trixie
purl pkg:deb/debian/highlight.js@9.18.1%2Bdfsg1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/highlight.js@9.18.1%252Bdfsg1-3%3Fdistro=trixie
1
url pkg:deb/debian/highlight.js@9.18.5%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/highlight.js@9.18.5%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/highlight.js@9.18.5%252Bdfsg1-1%3Fdistro=trixie
2
url pkg:deb/debian/highlight.js@9.18.5%2Bdfsg1-2?distro=trixie
purl pkg:deb/debian/highlight.js@9.18.5%2Bdfsg1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/highlight.js@9.18.5%252Bdfsg1-2%3Fdistro=trixie
3
url pkg:deb/debian/highlight.js@10.7.3%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/highlight.js@10.7.3%2Bdfsg-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/highlight.js@10.7.3%252Bdfsg-5%3Fdistro=trixie
aliases CVE-2020-26237, GHSA-vfrc-7r7c-w9mx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrrb-v6d8-7ffu
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/highlight.js@10.7.3%252Bdfsg-5%3Fdistro=trixie