Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/total.js@3.4.4

Type npm

Namespace

Name total.js

Version 3.4.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-3j8u-nj8m-kqa4

vulnerability_id VCID-3j8u-nj8m-kqa4

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23344

reference_id

reference_type

scores

value	0.12679
scoring_system	epss
scoring_elements	0.94142
published_at	2026-06-11T12:55:00Z

value	0.12679
scoring_system	epss
scoring_elements	0.94162
published_at	2026-06-12T12:55:00Z

value	0.12679
scoring_system	epss
scoring_elements	0.94167
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23344

reference_url

https://github.com/totaljs/framework/commit/c812bbcab8981797d3a1b9993fc42dad3d246f04

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/commit/c812bbcab8981797d3a1b9993fc42dad3d246f04

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23344

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23344

reference_url

https://snyk.io/vuln/SNYK-JS-TOTALJS-1077069

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-TOTALJS-1077069

reference_url

https://github.com/advisories/GHSA-3wj8-vp9h-rm6m

reference_id

GHSA-3wj8-vp9h-rm6m

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3wj8-vp9h-rm6m

fixed_packages

url pkg:npm/total.js@3.4.8

purl pkg:npm/total.js@3.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q5pf-1e74-cfaw

vulnerability	VCID-qmuh-1ek8-vudf

vulnerability	VCID-taue-1pna-k3h9

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/total.js@3.4.8

aliases CVE-2021-23344, GHSA-3wj8-vp9h-rm6m

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3j8u-nj8m-kqa4

url VCID-hh73-kwnd-xyhj

vulnerability_id VCID-hh73-kwnd-xyhj

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28495

reference_id

reference_type

scores

value	0.06091
scoring_system	epss
scoring_elements	0.90966
published_at	2026-06-11T12:55:00Z

value	0.06091
scoring_system	epss
scoring_elements	0.90996
published_at	2026-06-12T12:55:00Z

value	0.06091
scoring_system	epss
scoring_elements	0.91002
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28495

reference_url

https://docs.totaljs.com/latest/en.html%23api~FrameworkUtils~U.set

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.totaljs.com/latest/en.html%23api~FrameworkUtils~U.set

reference_url

https://github.com/totaljs/framework/blob/master/utils.js%23L6606

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/blob/master/utils.js%23L6606

reference_url

https://github.com/totaljs/framework/blob/master/utils.js%23L6617

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/blob/master/utils.js%23L6617

reference_url

https://github.com/totaljs/framework/commit/b3f901561d66ab799a4a99279893b94cad7ae4ff

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/commit/b3f901561d66ab799a4a99279893b94cad7ae4ff

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28495

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28495

reference_url

https://snyk.io/vuln/SNYK-JS-TOTALJS-1046671

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-TOTALJS-1046671

reference_url

https://www.npmjs.com/package/total.js

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/total.js

reference_url

https://github.com/advisories/GHSA-6cf8-qhqj-vjqm

reference_id

GHSA-6cf8-qhqj-vjqm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6cf8-qhqj-vjqm

fixed_packages

url pkg:npm/total.js@3.4.7

purl pkg:npm/total.js@3.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3j8u-nj8m-kqa4

vulnerability	VCID-q5pf-1e74-cfaw

vulnerability	VCID-qmuh-1ek8-vudf

vulnerability	VCID-taue-1pna-k3h9

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/total.js@3.4.7

aliases CVE-2020-28495, GHSA-6cf8-qhqj-vjqm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hh73-kwnd-xyhj

url

VCID-q5pf-1e74-cfaw

vulnerability_id

VCID-q5pf-1e74-cfaw

summary

In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-44019

reference_id

reference_type

scores

value	0.03622
scoring_system	epss
scoring_elements	0.88071
published_at	2026-06-11T12:55:00Z

value	0.03622
scoring_system	epss
scoring_elements	0.88117
published_at	2026-06-13T12:55:00Z

value	0.03622
scoring_system	epss
scoring_elements	0.88111
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-44019

reference_url

https://github.com/totaljs/code/issues/12

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-07T13:57:46Z/

url

https://github.com/totaljs/code/issues/12

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-44019
reference_id	CVE-2022-44019
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-44019

reference_url

https://www.edoardoottavianelli.it/CVE-2022-44019/

reference_id

CVE-2022-44019

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-07T13:57:46Z/

url

https://www.edoardoottavianelli.it/CVE-2022-44019/

reference_url

https://www.youtube.com/watch?v=x-u3eS8-xJg

reference_id

watch?v=x-u3eS8-xJg

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-07T13:57:46Z/

url

https://www.youtube.com/watch?v=x-u3eS8-xJg

fixed_packages

aliases

CVE-2022-44019

risk_score

4.0

exploitability

0.5

weighted_severity

7.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-q5pf-1e74-cfaw

url VCID-qmuh-1ek8-vudf

vulnerability_id VCID-qmuh-1ek8-vudf

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32831

reference_id

reference_type

scores

value	0.00871
scoring_system	epss
scoring_elements	0.75635
published_at	2026-06-11T12:55:00Z

value	0.00871
scoring_system	epss
scoring_elements	0.75705
published_at	2026-06-12T12:55:00Z

value	0.00871
scoring_system	epss
scoring_elements	0.75718
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32831

reference_url

https://github.com/totaljs

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs

reference_url

https://github.com/totaljs/framework/blob/e644167d5378afdc45cb0156190349b2c07ef235/changes.txt#L11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/blob/e644167d5378afdc45cb0156190349b2c07ef235/changes.txt#L11

reference_url

https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32831

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32831

reference_url

https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs

reference_url	https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/
reference_id
reference_type
scores
url	https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/

reference_url

https://www.npmjs.com/package/total.js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/total.js

reference_url

https://github.com/advisories/GHSA-vwhc-pww7-72x6

reference_id

GHSA-vwhc-pww7-72x6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vwhc-pww7-72x6

fixed_packages

url pkg:npm/total.js@3.4.9

purl pkg:npm/total.js@3.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q5pf-1e74-cfaw

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/total.js@3.4.9

aliases CVE-2021-32831, GHSA-vwhc-pww7-72x6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmuh-1ek8-vudf

url VCID-taue-1pna-k3h9

vulnerability_id VCID-taue-1pna-k3h9

summary Code Injection in total.js

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23389

reference_id

reference_type

scores

value	0.0534
scoring_system	epss
scoring_elements	0.90306
published_at	2026-06-12T12:55:00Z

value	0.0534
scoring_system	epss
scoring_elements	0.90275
published_at	2026-06-11T12:55:00Z

value	0.0534
scoring_system	epss
scoring_elements	0.90314
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23389

reference_url

https://github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631

reference_url

https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3

reference_url

https://snyk.io/vuln/SNYK-JS-TOTALJS-1088607

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-TOTALJS-1088607

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23389

reference_id

CVE-2021-23389

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23389

reference_url

https://github.com/advisories/GHSA-7fm6-gxqg-2pwr

reference_id

GHSA-7fm6-gxqg-2pwr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7fm6-gxqg-2pwr

fixed_packages

url pkg:npm/total.js@3.4.9

purl pkg:npm/total.js@3.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q5pf-1e74-cfaw

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/total.js@3.4.9

aliases CVE-2021-23389, GHSA-7fm6-gxqg-2pwr

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-taue-1pna-k3h9

url VCID-v2q5-bu5j-5qe9

vulnerability_id VCID-v2q5-bu5j-5qe9

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28494

reference_id

reference_type

scores

value	0.01199
scoring_system	epss
scoring_elements	0.79303
published_at	2026-06-11T12:55:00Z

value	0.01199
scoring_system	epss
scoring_elements	0.79368
published_at	2026-06-12T12:55:00Z

value	0.01199
scoring_system	epss
scoring_elements	0.79381
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28494

reference_url

https://github.com/totaljs/framework/commit/6192491ab2631e7c1d317c221f18ea613e2c18a5

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/totaljs/framework/commit/6192491ab2631e7c1d317c221f18ea613e2c18a5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28494

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28494

reference_url

https://snyk.io/vuln/SNYK-JS-TOTALJS-1046672

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-TOTALJS-1046672

reference_url

https://www.npmjs.com/package/total.js

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/total.js

reference_url

https://github.com/advisories/GHSA-4449-hg37-77v8

reference_id

GHSA-4449-hg37-77v8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4449-hg37-77v8

fixed_packages

url pkg:npm/total.js@3.4.7

purl pkg:npm/total.js@3.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3j8u-nj8m-kqa4

vulnerability	VCID-q5pf-1e74-cfaw

vulnerability	VCID-qmuh-1ek8-vudf

vulnerability	VCID-taue-1pna-k3h9

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/total.js@3.4.7

aliases CVE-2020-28494, GHSA-4449-hg37-77v8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2q5-bu5j-5qe9

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/total.js@3.4.4

Package Instance