{"url":"http://public2.vulnerablecode.io/api/packages/930744?format=json","purl":"pkg:npm/seroval@1.3.1","type":"npm","namespace":"","name":"seroval","version":"1.3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.1","latest_non_vulnerable_version":"1.4.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83173?format=json","vulnerability_id":"VCID-2g3y-wzmd-vbcu","summary":"Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0\nand below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a `depthLimit` parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24006.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24006.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24006","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12867","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12952","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12973","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12963","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24006"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431924","reference_id":"2431924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431924"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"ce9408ebc87312fcad345a73c172212f2a798060","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T12:50:03Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24006","reference_id":"CVE-2026-24006","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24006"},{"reference_url":"https://github.com/advisories/GHSA-3j22-8qj3-26mx","reference_id":"GHSA-3j22-8qj3-26mx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3j22-8qj3-26mx"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3j22-8qj3-26mx","reference_id":"GHSA-3j22-8qj3-26mx","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T12:50:03Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3j22-8qj3-26mx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38024?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-24006","GHSA-3j22-8qj3-26mx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2g3y-wzmd-vbcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66733?format=json","vulnerability_id":"VCID-8unp-8kbe-67gb","summary":"seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON deserialization functionality. This issue is fixed in version 1.4.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23736.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23736","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56511","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56634","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56645","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56631","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23736"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431898","reference_id":"2431898","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431898"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"ce9408ebc87312fcad345a73c172212f2a798060","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T14:45:46Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23736","reference_id":"CVE-2026-23736","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23736"},{"reference_url":"https://github.com/advisories/GHSA-hj76-42vx-jwp4","reference_id":"GHSA-hj76-42vx-jwp4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hj76-42vx-jwp4"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hj76-42vx-jwp4","reference_id":"GHSA-hj76-42vx-jwp4","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T14:45:46Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hj76-42vx-jwp4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38024?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-23736","GHSA-hj76-42vx-jwp4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8unp-8kbe-67gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66764?format=json","vulnerability_id":"VCID-c8sb-nz2h-m3f2","summary":"seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding constant value and error deserialization, allowing indirect access to unsafe JS evaluation. At minimum, attackers need the ability to perform 4 separate requests on the same function, and partial knowledge of how the serialized data is used during later runtime processing. This vulnerability affects the fromJSON and fromCrossJSON functions in a client-to-server transmission scenario. This issue has been fixed in version 1.4.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23737.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23737","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33871","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3405","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3407","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34048","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23737"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431896","reference_id":"2431896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431896"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"ce9408ebc87312fcad345a73c172212f2a798060","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:54:58Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23737","reference_id":"CVE-2026-23737","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23737"},{"reference_url":"https://github.com/advisories/GHSA-3rxj-6cgf-8cfw","reference_id":"GHSA-3rxj-6cgf-8cfw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rxj-6cgf-8cfw"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3rxj-6cgf-8cfw","reference_id":"GHSA-3rxj-6cgf-8cfw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:54:58Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3rxj-6cgf-8cfw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38024?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-23737","GHSA-3rxj-6cgf-8cfw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8sb-nz2h-m3f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66802?format=json","vulnerability_id":"VCID-dc7y-wbgb-1bec","summary":"seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). This issue has been fixed in version 1.4.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23956.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23956","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21331","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21317","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21344","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21149","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23956"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431917","reference_id":"2431917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431917"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"ce9408ebc87312fcad345a73c172212f2a798060","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T19:14:20Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23956","reference_id":"CVE-2026-23956","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23956"},{"reference_url":"https://github.com/advisories/GHSA-hx9m-jf43-8ffr","reference_id":"GHSA-hx9m-jf43-8ffr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hx9m-jf43-8ffr"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hx9m-jf43-8ffr","reference_id":"GHSA-hx9m-jf43-8ffr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T19:14:20Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hx9m-jf43-8ffr"},{"reference_url":"https://github.com/lxsmnsyc/seroval/blob/v0.2.0/packages/seroval/src/index.ts#L90","reference_id":"index.ts#L90","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T19:14:20Z/"}],"url":"https://github.com/lxsmnsyc/seroval/blob/v0.2.0/packages/seroval/src/index.ts#L90"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38024?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-23956","GHSA-hx9m-jf43-8ffr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc7y-wbgb-1bec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66848?format=json","vulnerability_id":"VCID-m8ap-v2y9-tbbg","summary":"seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0\nand below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time. This issue has been fixed in version 1.4.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23957.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23957","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12867","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12952","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12973","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12963","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23957"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431914","reference_id":"2431914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431914"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"ce9408ebc87312fcad345a73c172212f2a798060","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T18:56:07Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23957","reference_id":"CVE-2026-23957","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23957"},{"reference_url":"https://github.com/advisories/GHSA-66fc-rw6m-c2q6","reference_id":"GHSA-66fc-rw6m-c2q6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66fc-rw6m-c2q6"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-66fc-rw6m-c2q6","reference_id":"GHSA-66fc-rw6m-c2q6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T18:56:07Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-66fc-rw6m-c2q6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38024?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-23957","GHSA-66fc-rw6m-c2q6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8ap-v2y9-tbbg"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.3.1"}