Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40awsui/components-react@3.0.257
Typenpm
Namespace@awsui
Namecomponents-react
Version3.0.257
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.367
Latest_non_vulnerable_version3.0.367
Affected_by_vulnerabilities
0
url VCID-2jpv-9g1x-2fcd
vulnerability_id VCID-2jpv-9g1x-2fcd
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24709
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.60474
published_at 2026-06-06T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60462
published_at 2026-06-09T12:55:00Z
2
value 0.00391
scoring_system epss
scoring_elements 0.60446
published_at 2026-06-08T12:55:00Z
3
value 0.00391
scoring_system epss
scoring_elements 0.60463
published_at 2026-06-07T12:55:00Z
4
value 0.00391
scoring_system epss
scoring_elements 0.60424
published_at 2026-06-04T12:55:00Z
5
value 0.00391
scoring_system epss
scoring_elements 0.60472
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24709
1
reference_url https://github.com/aws/awsui-documentation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/awsui-documentation
2
reference_url https://www.npmjs.com/package/@awsui/components-react
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@awsui/components-react
3
reference_url https://www.npmjs.com/package/%40awsui/components-react
reference_id components-react
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:35Z/
url https://www.npmjs.com/package/%40awsui/components-react
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24709
reference_id CVE-2022-24709
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24709
5
reference_url https://github.com/advisories/GHSA-mf22-92pm-m8p8
reference_id GHSA-mf22-92pm-m8p8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mf22-92pm-m8p8
6
reference_url https://github.com/aws/awsui-documentation/security/advisories/GHSA-mf22-92pm-m8p8
reference_id GHSA-mf22-92pm-m8p8
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:35Z/
url https://github.com/aws/awsui-documentation/security/advisories/GHSA-mf22-92pm-m8p8
fixed_packages
0
url pkg:npm/%40awsui/components-react@3.0.367
purl pkg:npm/%40awsui/components-react@3.0.367
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540awsui/components-react@3.0.367
aliases CVE-2022-24709, GHSA-mf22-92pm-m8p8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jpv-9g1x-2fcd
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540awsui/components-react@3.0.257