Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/hexo@2.0.0-rc1

Type npm

Namespace

Name hexo

Version 2.0.0-rc1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.2.0

Latest_non_vulnerable_version 7.2.0

Affected_by_vulnerabilities

url VCID-ckh6-gapd-qfeg

vulnerability_id VCID-ckh6-gapd-qfeg

summary Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39584

reference_id

reference_type

scores

value	0.0469
scoring_system	epss
scoring_elements	0.89586
published_at	2026-06-11T12:55:00Z

value	0.0469
scoring_system	epss
scoring_elements	0.89621
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39584

reference_url

https://github.com/hexojs/hexo

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hexojs/hexo

reference_url

https://github.com/hexojs/hexo/blob/cefee921153ba597316457f4fedf7b87b6516917/lib/plugins/tag/include_code.ts#L50

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hexojs/hexo/blob/cefee921153ba597316457f4fedf7b87b6516917/lib/plugins/tag/include_code.ts#L50

reference_url

https://github.com/hexojs/hexo/commit/b5b63caee27256d71a0cee8954c22375ec885d07

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hexojs/hexo/commit/b5b63caee27256d71a0cee8954c22375ec885d07

reference_url

https://github.com/hexojs/hexo/pull/5251

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hexojs/hexo/pull/5251

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-39584

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-39584

reference_url

https://github.com/hexojs/hexo/issues/5250

reference_id

5250

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:03:25Z/

url

https://github.com/hexojs/hexo/issues/5250

reference_url

https://github.com/advisories/GHSA-x2jc-989c-47q4

reference_id

GHSA-x2jc-989c-47q4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x2jc-989c-47q4

reference_url

https://github.com/hexojs/hexo/blob/a3e68e7576d279db22bd7481914286104e867834/lib/plugins/tag/include_code.js#L49

reference_id

include_code.js#L49

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:03:25Z/

url

https://github.com/hexojs/hexo/blob/a3e68e7576d279db22bd7481914286104e867834/lib/plugins/tag/include_code.js#L49

reference_url

https://www.gem-love.com/2023/07/25/hexo%E5%8D%9A%E5%AE%A2%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E5%92%8C%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/#undefined

reference_id

#undefined

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:03:25Z/

url

https://www.gem-love.com/2023/07/25/hexo%E5%8D%9A%E5%AE%A2%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E5%92%8C%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/#undefined

fixed_packages

url	pkg:npm/hexo@7.2.0
purl	pkg:npm/hexo@7.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/hexo@7.2.0

aliases CVE-2023-39584, GHSA-x2jc-989c-47q4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckh6-gapd-qfeg

url VCID-yfsp-ucq1-d3b8

vulnerability_id VCID-yfsp-ucq1-d3b8

summary Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-25987

reference_id

reference_type

scores

value	0.00091
scoring_system	epss
scoring_elements	0.25911
published_at	2026-06-12T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25712
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-25987

reference_url

https://github.com/hexojs/hexo

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hexojs/hexo

reference_url

https://github.com/hexojs/hexo/issues/4838

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hexojs/hexo/issues/4838

reference_url

https://github.com/hexojs/hexo/pull/4750

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hexojs/hexo/pull/4750

reference_url

https://github.com/hexojs/hexo/commit/5170df2d3fa9c69e855c4b7c2b084ebfd92d5200

reference_id

5170df2d3fa9c69e855c4b7c2b084ebfd92d5200

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:27:36Z/

url

https://github.com/hexojs/hexo/commit/5170df2d3fa9c69e855c4b7c2b084ebfd92d5200

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-25987

reference_id

CVE-2021-25987

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-25987

reference_url

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25987

reference_id

CVE-2021-25987

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:27:36Z/

url

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25987

reference_url

https://github.com/advisories/GHSA-q54r-r9pr-w7qv

reference_id

GHSA-q54r-r9pr-w7qv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q54r-r9pr-w7qv

fixed_packages

url pkg:npm/hexo@6.0.0

purl pkg:npm/hexo@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ckh6-gapd-qfeg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/hexo@6.0.0

aliases CVE-2021-25987, GHSA-q54r-r9pr-w7qv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfsp-ucq1-d3b8

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/hexo@2.0.0-rc1

Package Instance