Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40theia/messages@0.3.2
Typenpm
Namespace@theia
Namemessages
Version0.3.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.0.0
Latest_non_vulnerable_version1.0.0
Affected_by_vulnerabilities
0
url VCID-dzh9-83r1-97c4
vulnerability_id VCID-dzh9-83r1-97c4
summary 
Inclusion of Functionality from Untrusted Control Sphere
In Eclipse Theia versions up to and including, in the notification messages there is no HTML escaping, so Javascript code can run.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28162
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3828
published_at 2026-06-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38324
published_at 2026-06-09T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38314
published_at 2026-06-08T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38343
published_at 2026-06-07T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38371
published_at 2026-06-06T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38368
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28162
1
reference_url https://github.com/eclipse-theia/theia/blob/master/CHANGELOG.md#v100---26032020
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/blob/master/CHANGELOG.md#v100---26032020
2
reference_url https://github.com/eclipse-theia/theia/issues/7283
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/issues/7283
3
reference_url https://github.com/eclipse-theia/theia/pull/7289
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-theia/theia/pull/7289
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28162
reference_id CVE-2021-28162
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28162
5
reference_url https://github.com/advisories/GHSA-c94v-8fff-73ph
reference_id GHSA-c94v-8fff-73ph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c94v-8fff-73ph
fixed_packages
0
url pkg:npm/%40theia/messages@1.0.0
purl pkg:npm/%40theia/messages@1.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/messages@1.0.0
aliases CVE-2021-28162, GHSA-c94v-8fff-73ph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzh9-83r1-97c4
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540theia/messages@0.3.2