Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40trpc/server@10.43.6
Typenpm
Namespace@trpc
Nameserver
Version10.43.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.45.3
Latest_non_vulnerable_version11.8.0
Affected_by_vulnerabilities
0
url VCID-pe4s-4ax8-ufab
vulnerability_id VCID-pe4s-4ax8-ufab
summary 
tRPC has possible prototype pollution in `experimental_nextAppDirCaller`
A Prototype Pollution vulnerability exists in `@trpc/server`'s `formDataToObject` function, which is used by the Next.js App Router adapter. An attacker can pollute `Object.prototype` by submitting specially crafted FormData field names, potentially leading to authorization bypass, denial of service, or other security impacts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68130
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40795
published_at 2026-06-07T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.40825
published_at 2026-06-06T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.4082
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68130
1
reference_url https://github.com/trpc/trpc
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/trpc/trpc
2
reference_url https://github.com/trpc/trpc/commit/78629d524968ef8db5a7adf68d8b95a44369d77e
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/trpc/trpc/commit/78629d524968ef8db5a7adf68d8b95a44369d77e
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68130
reference_id CVE-2025-68130
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68130
4
reference_url https://github.com/advisories/GHSA-43p4-m455-4f4j
reference_id GHSA-43p4-m455-4f4j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43p4-m455-4f4j
5
reference_url https://github.com/trpc/trpc/security/advisories/GHSA-43p4-m455-4f4j
reference_id GHSA-43p4-m455-4f4j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T21:38:30Z/
url https://github.com/trpc/trpc/security/advisories/GHSA-43p4-m455-4f4j
fixed_packages
0
url pkg:npm/%40trpc/server@10.45.3
purl pkg:npm/%40trpc/server@10.45.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540trpc/server@10.45.3
1
url pkg:npm/%40trpc/server@11.8.0
purl pkg:npm/%40trpc/server@11.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540trpc/server@11.8.0
aliases CVE-2025-68130, GHSA-43p4-m455-4f4j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pe4s-4ax8-ufab
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540trpc/server@10.43.6