Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/katex@0.13.0

Type npm

Namespace

Name katex

Version 0.13.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.16.21

Latest_non_vulnerable_version 0.16.21

Affected_by_vulnerabilities

url VCID-1uvx-5hp6-5bgk

vulnerability_id VCID-1uvx-5hp6-5bgk

summary KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28245

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.15642
published_at	2026-06-13T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.1563
published_at	2026-06-12T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15493
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28245

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28245
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28245

reference_url

https://github.com/KaTeX/KaTeX

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/KaTeX/KaTeX

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067805
reference_id	1067805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067805

reference_url

https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770

reference_id

c5897fcd1f73da9612a53e6b5544f1d776e17770

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-26T19:26:52Z/

url

https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28245

reference_id

CVE-2024-28245

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28245

reference_url

https://github.com/advisories/GHSA-f98w-7cxr-ff2h

reference_id

GHSA-f98w-7cxr-ff2h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f98w-7cxr-ff2h

reference_url

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h

reference_id

GHSA-f98w-7cxr-ff2h

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-26T19:26:52Z/

url

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h

reference_url	https://usn.ubuntu.com/7572-1/
reference_id	USN-7572-1
reference_type
scores
url	https://usn.ubuntu.com/7572-1/

fixed_packages

url pkg:npm/katex@0.16.10

purl pkg:npm/katex@0.16.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-npmc-q6zw-j7de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/katex@0.16.10

aliases CVE-2024-28245, GHSA-f98w-7cxr-ff2h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uvx-5hp6-5bgk

url VCID-j9km-s26z-ekc7

vulnerability_id VCID-j9km-s26z-ekc7

summary KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28246

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.18142
published_at	2026-06-12T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.18159
published_at	2026-06-13T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17984
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28246

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28246
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28246

reference_url

https://github.com/KaTeX/KaTeX

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/KaTeX/KaTeX

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067805
reference_id	1067805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067805

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28246

reference_id

CVE-2024-28246

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28246

reference_url

https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de

reference_id

fc5af64183a3ceb9be9d1c23a275999a728593de

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T00:04:56Z/

url

https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de

reference_url

https://github.com/advisories/GHSA-3wc5-fcw2-2329

reference_id

GHSA-3wc5-fcw2-2329

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3wc5-fcw2-2329

reference_url

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329

reference_id

GHSA-3wc5-fcw2-2329

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T00:04:56Z/

url

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329

reference_url	https://usn.ubuntu.com/7572-1/
reference_id	USN-7572-1
reference_type
scores
url	https://usn.ubuntu.com/7572-1/

fixed_packages

url pkg:npm/katex@0.16.10

purl pkg:npm/katex@0.16.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-npmc-q6zw-j7de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/katex@0.16.10

aliases CVE-2024-28246, GHSA-3wc5-fcw2-2329

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j9km-s26z-ekc7

url VCID-npmc-q6zw-j7de

vulnerability_id VCID-npmc-q6zw-j7de

summary KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\htmlData` commands, forbid inputs containing the substring `"\\htmlData"` and sanitize HTML output from KaTeX.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23207.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23207.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23207

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.16622
published_at	2026-06-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.16477
published_at	2026-06-11T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.16633
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23207
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23207

reference_url

https://github.com/KaTeX/KaTeX

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/KaTeX/KaTeX

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-23207

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-23207

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093446
reference_id	1093446
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093446

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2338681
reference_id	2338681
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2338681

reference_url

https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c

reference_id

ff289955e81aab89086eef09254cbf88573d415c

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-17T21:32:10Z/

url

https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c

reference_url

https://github.com/advisories/GHSA-cg87-wmx4-v546

reference_id

GHSA-cg87-wmx4-v546

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cg87-wmx4-v546

reference_url

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546

reference_id

GHSA-cg87-wmx4-v546

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-17T21:32:10Z/

url

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546

reference_url	https://access.redhat.com/errata/RHSA-2025:2753
reference_id	RHSA-2025:2753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2753

reference_url	https://usn.ubuntu.com/7572-1/
reference_id	USN-7572-1
reference_type
scores
url	https://usn.ubuntu.com/7572-1/

fixed_packages

url	pkg:npm/katex@0.16.21
purl	pkg:npm/katex@0.16.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/katex@0.16.21

aliases CVE-2025-23207, GHSA-cg87-wmx4-v546

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-npmc-q6zw-j7de

url VCID-yr9t-mmfr-rub1

vulnerability_id VCID-yr9t-mmfr-rub1

summary KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28243

reference_id

reference_type

scores

value	0.00477
scoring_system	epss
scoring_elements	0.65363
published_at	2026-06-11T12:55:00Z

value	0.00477
scoring_system	epss
scoring_elements	0.65475
published_at	2026-06-13T12:55:00Z

value	0.00477
scoring_system	epss
scoring_elements	0.65464
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28243

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28243
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28243

reference_url

https://github.com/KaTeX/KaTeX

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/KaTeX/KaTeX

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067805
reference_id	1067805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067805

reference_url

https://github.com/github/advisory-database/pull/6777

reference_id

6777

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T19:45:30Z/

url

https://github.com/github/advisory-database/pull/6777

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28243

reference_id

CVE-2024-28243

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28243

reference_url

https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34

reference_id

e88b4c357f978b1bca8edfe3297f0aa309bcbe34

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T19:45:30Z/

url

https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34

reference_url

https://github.com/advisories/GHSA-64fm-8hw2-v72w

reference_id

GHSA-64fm-8hw2-v72w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-64fm-8hw2-v72w

reference_url

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w

reference_id

GHSA-64fm-8hw2-v72w

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T19:45:30Z/

url

https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w

reference_url	https://usn.ubuntu.com/7572-1/
reference_id	USN-7572-1
reference_type
scores
url	https://usn.ubuntu.com/7572-1/

fixed_packages

url pkg:npm/katex@0.16.10

purl pkg:npm/katex@0.16.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-npmc-q6zw-j7de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/katex@0.16.10

aliases CVE-2024-28243, GHSA-64fm-8hw2-v72w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yr9t-mmfr-rub1

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/katex@0.13.0

Package Instance