Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/nanoid@3.1.29
Typenpm
Namespace
Namenanoid
Version3.1.29
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.8
Latest_non_vulnerable_version5.0.9
Affected_by_vulnerabilities
0
url VCID-hu1m-98mk-uua9
vulnerability_id VCID-hu1m-98mk-uua9
summary 
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects:

1. in browser and non-secure, the code infinite loops on while (size--)
2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Version 3.3.8 and 5.0.9 are fixed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55565.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55565
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28444
published_at 2026-06-09T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.28474
published_at 2026-06-07T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.2844
published_at 2026-06-08T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28553
published_at 2026-06-05T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.28512
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55565
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565
3
reference_url https://github.com/ai/nanoid
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid
4
reference_url https://github.com/ai/nanoid/compare/3.3.7...3.3.8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/compare/3.3.7...3.3.8
5
reference_url https://github.com/ai/nanoid/pull/510
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/pull/510
6
reference_url https://github.com/ai/nanoid/releases/tag/5.0.9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T17:19:45Z/
url https://github.com/ai/nanoid/releases/tag/5.0.9
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331063
reference_id 2331063
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331063
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55565
reference_id CVE-2024-55565
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55565
11
reference_url https://github.com/advisories/GHSA-mwcw-c2x4-8c55
reference_id GHSA-mwcw-c2x4-8c55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwcw-c2x4-8c55
12
reference_url https://access.redhat.com/errata/RHSA-2024:10990
reference_id RHSA-2024:10990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10990
13
reference_url https://access.redhat.com/errata/RHSA-2025:0079
reference_id RHSA-2025:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0079
14
reference_url https://access.redhat.com/errata/RHSA-2025:0082
reference_id RHSA-2025:0082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0082
15
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
16
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
17
reference_url https://access.redhat.com/errata/RHSA-2025:0723
reference_id RHSA-2025:0723
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0723
18
reference_url https://access.redhat.com/errata/RHSA-2025:0778
reference_id RHSA-2025:0778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0778
19
reference_url https://access.redhat.com/errata/RHSA-2025:0785
reference_id RHSA-2025:0785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0785
20
reference_url https://access.redhat.com/errata/RHSA-2025:0851
reference_id RHSA-2025:0851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0851
21
reference_url https://access.redhat.com/errata/RHSA-2025:0875
reference_id RHSA-2025:0875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0875
22
reference_url https://access.redhat.com/errata/RHSA-2025:0892
reference_id RHSA-2025:0892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0892
23
reference_url https://access.redhat.com/errata/RHSA-2025:1051
reference_id RHSA-2025:1051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1051
24
reference_url https://access.redhat.com/errata/RHSA-2025:1448
reference_id RHSA-2025:1448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1448
25
reference_url https://access.redhat.com/errata/RHSA-2025:2652
reference_id RHSA-2025:2652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2652
26
reference_url https://access.redhat.com/errata/RHSA-2025:3368
reference_id RHSA-2025:3368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3368
27
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
28
reference_url https://access.redhat.com/errata/RHSA-2025:3397
reference_id RHSA-2025:3397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3397
29
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
30
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
fixed_packages
0
url pkg:npm/nanoid@3.3.8
purl pkg:npm/nanoid@3.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nanoid@3.3.8
1
url pkg:npm/nanoid@5.0.9
purl pkg:npm/nanoid@5.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nanoid@5.0.9
aliases CVE-2024-55565, GHSA-mwcw-c2x4-8c55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu1m-98mk-uua9
1
url VCID-svkb-kpcy-kbat
vulnerability_id VCID-svkb-kpcy-kbat
summary 
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23566.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23566.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23566
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08104
published_at 2026-06-09T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.08085
published_at 2026-06-08T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.08102
published_at 2026-06-04T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.08135
published_at 2026-06-07T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.08152
published_at 2026-06-06T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.08137
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23566
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23566
3
reference_url https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
4
reference_url https://github.com/ai/nanoid
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid
5
reference_url https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
6
reference_url https://github.com/ai/nanoid/pull/328
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ai/nanoid/pull/328
7
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html
9
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
10
reference_url https://snyk.io/vuln/SNYK-JS-NANOID-2332193
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-NANOID-2332193
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2050853
reference_id 2050853
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2050853
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23566
reference_id CVE-2021-23566
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23566
13
reference_url https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
reference_id GHSA-qrpm-p2h7-hrv2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
14
reference_url https://access.redhat.com/errata/RHSA-2022:5069
reference_id RHSA-2022:5069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5069
15
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
fixed_packages
0
url pkg:npm/nanoid@3.1.31
purl pkg:npm/nanoid@3.1.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hu1m-98mk-uua9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/nanoid@3.1.31
aliases CVE-2021-23566, GHSA-qrpm-p2h7-hrv2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svkb-kpcy-kbat
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/nanoid@3.1.29