Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/karma@2.0.3
Typenpm
Namespace
Namekarma
Version2.0.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.3.16
Latest_non_vulnerable_version6.3.16
Affected_by_vulnerabilities
0
url VCID-n4ty-5zc7-rkbx
vulnerability_id VCID-n4ty-5zc7-rkbx
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - DOM in NPM karma
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0437
reference_id
reference_type
scores
0
value 0.24648
scoring_system epss
scoring_elements 0.96237
published_at 2026-06-04T12:55:00Z
1
value 0.24648
scoring_system epss
scoring_elements 0.9625
published_at 2026-06-09T12:55:00Z
2
value 0.24648
scoring_system epss
scoring_elements 0.96244
published_at 2026-06-08T12:55:00Z
3
value 0.24648
scoring_system epss
scoring_elements 0.96241
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0437
1
reference_url https://github.com/karma-runner/karma
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/karma-runner/karma
2
reference_url https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
3
reference_url https://github.com/karma-runner/karma/releases/tag/v6.3.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/karma-runner/karma/releases/tag/v6.3.14
4
reference_url https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0437
reference_id CVE-2022-0437
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0437
6
reference_url https://github.com/advisories/GHSA-7x7c-qm48-pq9c
reference_id GHSA-7x7c-qm48-pq9c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7x7c-qm48-pq9c
fixed_packages
0
url pkg:npm/karma@6.3.14
purl pkg:npm/karma@6.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zg5d-m9w2-r3aa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/karma@6.3.14
aliases CVE-2022-0437, GHSA-7x7c-qm48-pq9c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4ty-5zc7-rkbx
1
url VCID-zg5d-m9w2-r3aa
vulnerability_id VCID-zg5d-m9w2-r3aa
summary 
Open redirect in karma
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23495
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.49125
published_at 2026-06-08T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.49137
published_at 2026-06-09T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.49099
published_at 2026-06-04T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.4916
published_at 2026-06-05T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.4917
published_at 2026-06-06T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.49154
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23495
1
reference_url https://github.com/karma-runner/karma
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/karma-runner/karma
2
reference_url https://github.com/karma-runner/karma/commit/ff7edbb2ffbcdd69761bece86b7dc1ef0740508d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/karma-runner/karma/commit/ff7edbb2ffbcdd69761bece86b7dc1ef0740508d
3
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2412347
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2412347
4
reference_url https://snyk.io/vuln/SNYK-JS-KARMA-2396325
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-KARMA-2396325
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23495
reference_id CVE-2021-23495
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23495
6
reference_url https://github.com/advisories/GHSA-rc3x-jf5g-xvc5
reference_id GHSA-rc3x-jf5g-xvc5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rc3x-jf5g-xvc5
fixed_packages
0
url pkg:npm/karma@6.3.16
purl pkg:npm/karma@6.3.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/karma@6.3.16
aliases CVE-2021-23495, GHSA-rc3x-jf5g-xvc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zg5d-m9w2-r3aa
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/karma@2.0.3