{"url":"http://public2.vulnerablecode.io/api/packages/468318?format=json","purl":"pkg:npm/grunt@0.2.9","type":"npm","namespace":"","name":"grunt","version":"0.2.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.5.3","latest_non_vulnerable_version":"1.5.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/196595?format=json","vulnerability_id":"VCID-3dc8-vus9-sfgv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1537.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1537","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48168","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1537"},{"reference_url":"https://github.com/gruntjs/grunt","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gruntjs/grunt"},{"reference_url":"https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae"},{"reference_url":"https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00006.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083902","reference_id":"2083902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083902"},{"reference_url":"https://security.archlinux.org/AVG-2827","reference_id":"AVG-2827","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2827"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1537","reference_id":"CVE-2022-1537","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1537"},{"reference_url":"https://github.com/advisories/GHSA-rm36-94g8-835r","reference_id":"GHSA-rm36-94g8-835r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm36-94g8-835r"},{"reference_url":"https://usn.ubuntu.com/5847-1/","reference_id":"USN-5847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20854?format=json","purl":"pkg:npm/grunt@1.5.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/grunt@1.5.3"}],"aliases":["CVE-2022-1537","GHSA-rm36-94g8-835r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3dc8-vus9-sfgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/196596?format=json","vulnerability_id":"VCID-cubc-3vya-zyen","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0436","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27119","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0436"},{"reference_url":"https://github.com/gruntjs/grunt","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gruntjs/grunt"},{"reference_url":"https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665"},{"reference_url":"https://github.com/gruntjs/grunt/commit/b0ec6e12426fc8d5720dee1702f6a67455c5986c","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gruntjs/grunt/commit/b0ec6e12426fc8d5720dee1702f6a67455c5986c"},{"reference_url":"https://github.com/gruntjs/grunt/pull/1743","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gruntjs/grunt/pull/1743"},{"reference_url":"https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00008.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009676","reference_id":"1009676","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009676"},{"reference_url":"https://security.archlinux.org/AVG-2827","reference_id":"AVG-2827","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2827"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0436","reference_id":"CVE-2022-0436","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0436"},{"reference_url":"https://github.com/advisories/GHSA-j383-35pm-c5h4","reference_id":"GHSA-j383-35pm-c5h4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j383-35pm-c5h4"},{"reference_url":"https://usn.ubuntu.com/5847-1/","reference_id":"USN-5847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20092?format=json","purl":"pkg:npm/grunt@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dc8-vus9-sfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/grunt@1.5.2"}],"aliases":["CVE-2022-0436","GHSA-j383-35pm-c5h4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cubc-3vya-zyen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208090?format=json","vulnerability_id":"VCID-r6ub-wb71-fbey","summary":"The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7729","reference_id":"","reference_type":"","scores":[{"value":"0.02419","scoring_system":"epss","scoring_elements":"0.85451","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7729"},{"reference_url":"https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249"},{"reference_url":"https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7729","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7729"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-GRUNT-597546","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-GRUNT-597546"},{"reference_url":"https://usn.ubuntu.com/4595-1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4595-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969668","reference_id":"969668","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969668"},{"reference_url":"https://usn.ubuntu.com/4595-1/","reference_id":"USN-4595-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4595-1/"},{"reference_url":"https://usn.ubuntu.com/5847-1/","reference_id":"USN-5847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383678?format=json","purl":"pkg:npm/grunt@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dc8-vus9-sfgv"},{"vulnerability":"VCID-cubc-3vya-zyen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/grunt@1.3.0"}],"aliases":["CVE-2020-7729","GHSA-m5pj-vjjf-4m3h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6ub-wb71-fbey"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/grunt@0.2.9"}