Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/meshcentral@0.6.39

Type npm

Namespace

Name meshcentral

Version 0.6.39

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.1.21

Latest_non_vulnerable_version 1.1.21

Affected_by_vulnerabilities

url VCID-4hqh-k6cz-ekc5

vulnerability_id VCID-4hqh-k6cz-ekc5

summary An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-51842

reference_id

reference_type

scores

value	0.00252
scoring_system	epss
scoring_elements	0.48933
published_at	2026-06-13T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48915
published_at	2026-06-12T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48778
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-51842

reference_url

https://github.com/Ylianst/MeshCentral

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Ylianst/MeshCentral

reference_url

https://github.com/Ylianst/MeshCentral/commit/a5efc5e899b8809293b297df045cff5ec0eb448b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Ylianst/MeshCentral/commit/a5efc5e899b8809293b297df045cff5ec0eb448b

reference_url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md

reference_id

Bug_MeshCentral.md

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T19:22:04Z/

url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-51842

reference_id

CVE-2023-51842

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-51842

reference_url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51842.md

reference_id

CVE-2023-51842.md

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T19:22:04Z/

url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51842.md

reference_url

https://github.com/advisories/GHSA-wpxw-5xfm-x22v

reference_id

GHSA-wpxw-5xfm-x22v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpxw-5xfm-x22v

reference_url

https://github.com/Ylianst/MeshCentral/tree/master

reference_id

master

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-02T19:22:04Z/

url

https://github.com/Ylianst/MeshCentral/tree/master

fixed_packages

url pkg:npm/meshcentral@1.1.17

purl pkg:npm/meshcentral@1.1.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qkvm-dwnm-t7hr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/meshcentral@1.1.17

aliases CVE-2023-51842, GHSA-wpxw-5xfm-x22v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hqh-k6cz-ekc5

url VCID-jx9y-p4mk-h3bh

vulnerability_id VCID-jx9y-p4mk-h3bh

summary Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-51837

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24895
published_at	2026-06-13T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24884
published_at	2026-06-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24685
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-51837

reference_url

https://github.com/Ylianst/MeshCentral

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/Ylianst/MeshCentral

reference_url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md

reference_id

Bug_MeshCentral.md

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:02Z/

url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-51837

reference_id

CVE-2023-51837

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-51837

reference_url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51837.md

reference_id

CVE-2023-51837.md

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:02Z/

url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51837.md

reference_url

https://github.com/advisories/GHSA-8xw6-9h78-c89j

reference_id

GHSA-8xw6-9h78-c89j

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xw6-9h78-c89j

reference_url

https://github.com/Ylianst/MeshCentral/blob/master/mpsserver.js

reference_id

mpsserver.js

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:02Z/

url

https://github.com/Ylianst/MeshCentral/blob/master/mpsserver.js

fixed_packages

url pkg:npm/meshcentral@1.1.17

purl pkg:npm/meshcentral@1.1.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qkvm-dwnm-t7hr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/meshcentral@1.1.17

aliases CVE-2023-51837, GHSA-8xw6-9h78-c89j

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jx9y-p4mk-h3bh

url VCID-qkvm-dwnm-t7hr

vulnerability_id VCID-qkvm-dwnm-t7hr

summary MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26135

reference_id

reference_type

scores

value	0.01394
scoring_system	epss
scoring_elements	0.80802
published_at	2026-06-11T12:55:00Z

value	0.01394
scoring_system	epss
scoring_elements	0.80873
published_at	2026-06-13T12:55:00Z

value	0.01394
scoring_system	epss
scoring_elements	0.80862
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26135

reference_url

https://github.com/Ylianst/MeshCentral

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Ylianst/MeshCentral

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26135

reference_id

CVE-2024-26135

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26135

reference_url

https://github.com/Ylianst/MeshCentral/commit/f2e43cc6da9f5447dbff0948e6c6024c8a315af3

reference_id

f2e43cc6da9f5447dbff0948e6c6024c8a315af3

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T15:46:41Z/

url

https://github.com/Ylianst/MeshCentral/commit/f2e43cc6da9f5447dbff0948e6c6024c8a315af3

reference_url

https://github.com/advisories/GHSA-cp68-qrhr-g9h8

reference_id

GHSA-cp68-qrhr-g9h8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cp68-qrhr-g9h8

reference_url

https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8

reference_id

GHSA-cp68-qrhr-g9h8

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T15:46:41Z/

url

https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8

fixed_packages

url	pkg:npm/meshcentral@1.1.21
purl	pkg:npm/meshcentral@1.1.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/meshcentral@1.1.21

aliases CVE-2024-26135, GHSA-cp68-qrhr-g9h8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkvm-dwnm-t7hr

url VCID-xwy4-x69j-y7g7

vulnerability_id VCID-xwy4-x69j-y7g7

summary Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-51838

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.15018
published_at	2026-06-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1502
published_at	2026-06-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.149
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-51838

reference_url

https://github.com/Ylianst/MeshCentral

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Ylianst/MeshCentral

reference_url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md

reference_id

Bug_MeshCentral.md

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-02T19:23:25Z/

url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-51838

reference_id

CVE-2023-51838

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-51838

reference_url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51838.md

reference_id

CVE-2023-51838.md

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-02T19:23:25Z/

url

https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51838.md

reference_url

https://github.com/advisories/GHSA-v269-rrr6-cx6r

reference_id

GHSA-v269-rrr6-cx6r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v269-rrr6-cx6r

reference_url

https://github.com/Ylianst/MeshCentral/tree/master

reference_id

master

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-02T19:23:25Z/

url

https://github.com/Ylianst/MeshCentral/tree/master

fixed_packages

url pkg:npm/meshcentral@1.1.17

purl pkg:npm/meshcentral@1.1.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qkvm-dwnm-t7hr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/meshcentral@1.1.17

aliases CVE-2023-51838, GHSA-v269-rrr6-cx6r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwy4-x69j-y7g7

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/meshcentral@0.6.39

Package Instance