Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/snyk@1.1095.0

Type npm

Namespace

Name snyk

Version 1.1095.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.1297.3

Latest_non_vulnerable_version 1.1297.3

Affected_by_vulnerabilities

url VCID-6w25-4kgm-p7aj

vulnerability_id VCID-6w25-4kgm-p7aj

summary Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or DEBUG/TRACE mode. The issue affects the following Snyk commands: 1. When snyk container test or snyk container monitor commands are run against a container registry, with debug mode enabled, the container registry credentials may be written into the local Snyk CLI debug log. This only happens with credentials specified in environment variables (SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD), or in the CLI (--password/-p and --username/-u). 2. When snyk auth command is executed with debug mode enabled AND the log level is set to TRACE, the Snyk access / refresh credential tokens used to connect the CLI to Snyk may be written into the local CLI debug logs. 3. When snyk iac test is executed with a Remote IAC Custom rules bundle, debug mode enabled, AND the log level is set to TRACE, the docker registry token may be written into the local CLI debug logs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6624

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.29977
published_at	2026-06-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29779
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6624

reference_url

https://github.com/snyk

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	1.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/snyk

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-6624

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	1.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-6624

reference_url

https://github.com/snyk/cli/commit/38322f377da7e5f1391e1f641710be50989fa4df

reference_id

38322f377da7e5f1391e1f641710be50989fa4df

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P

value	1.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	2.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:31:53Z/

url

https://github.com/snyk/cli/commit/38322f377da7e5f1391e1f641710be50989fa4df

reference_url

https://github.com/snyk/go-application-framework/commit/ca7ba7d72e68455afb466a7a47bb2c9aece86c18

reference_id

ca7ba7d72e68455afb466a7a47bb2c9aece86c18

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	1.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	2.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:31:53Z/

url

https://github.com/snyk/go-application-framework/commit/ca7ba7d72e68455afb466a7a47bb2c9aece86c18

reference_url

https://docs.snyk.io/snyk-cli/debugging-the-snyk-cli

reference_id

debugging-the-snyk-cli

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	1.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	2.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:31:53Z/

url

https://docs.snyk.io/snyk-cli/debugging-the-snyk-cli

reference_url	https://github.com/advisories/GHSA-6hwc-9h8r-3vmf
reference_id	GHSA-6hwc-9h8r-3vmf
reference_type
scores
url	https://github.com/advisories/GHSA-6hwc-9h8r-3vmf

reference_url

https://security.snyk.io/vuln/SNYK-JS-SNYK-10497607

reference_id

SNYK-JS-SNYK-10497607

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	1.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	2.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:31:53Z/

url

https://security.snyk.io/vuln/SNYK-JS-SNYK-10497607

reference_url

https://github.com/snyk/cli/releases/tag/v1.1297.3

reference_id

v1.1297.3

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

value	1.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	2.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:31:53Z/

url

https://github.com/snyk/cli/releases/tag/v1.1297.3

fixed_packages

url	pkg:npm/snyk@1.1297.3
purl	pkg:npm/snyk@1.1297.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/snyk@1.1297.3

aliases CVE-2025-6624, GHSA-6hwc-9h8r-3vmf

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6w25-4kgm-p7aj

Fixing_vulnerabilities

Risk_score 3.2

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/snyk@1.1095.0

Package Instance