{"url":"http://public2.vulnerablecode.io/api/packages/949353?format=json","purl":"pkg:npm/seroval@0.11.3","type":"npm","namespace":"","name":"seroval","version":"0.11.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.1","latest_non_vulnerable_version":"1.4.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49808?format=json","vulnerability_id":"VCID-a6rv-9xp7-xbbr","summary":"seroval affected by Denial of Service via RegExp serialization\nOverriding RegExp serialization with extremely large patterns can **exhaust JavaScript runtime memory** during deserialization. Additionally, overriding RegExp serialization with patterns that trigger **catastrophic backtracking** can lead to ReDoS (Regular Expression Denial of Service).\n\n**Mitigation**:\n`Seroval` introduces `disabledFeatures` (a bitmask) in serialization/deserialization methods, with `Feature.RegExp` as a dedicated flag. **Users are recommended to configure `disabledFeatures` to disable RegExp serialization entirely.**","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23956.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23956","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21104","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21215","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21201","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21158","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21094","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23956"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://github.com/lxsmnsyc/seroval/blob/v0.2.0/packages/seroval/src/index.ts#L90","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T19:14:20Z/"}],"url":"https://github.com/lxsmnsyc/seroval/blob/v0.2.0/packages/seroval/src/index.ts#L90"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T19:14:20Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431917","reference_id":"2431917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431917"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23956","reference_id":"CVE-2026-23956","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23956"},{"reference_url":"https://github.com/advisories/GHSA-hx9m-jf43-8ffr","reference_id":"GHSA-hx9m-jf43-8ffr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hx9m-jf43-8ffr"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hx9m-jf43-8ffr","reference_id":"GHSA-hx9m-jf43-8ffr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T19:14:20Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hx9m-jf43-8ffr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73543?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-23956","GHSA-hx9m-jf43-8ffr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6rv-9xp7-xbbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49806?format=json","vulnerability_id":"VCID-gkpq-qcyv-j3h5","summary":"seroval Affected by Prototype Pollution via JSON Deserialization\nDue to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization.\nThis affects only JSON deserialization functionality.\n\nAs there is no known workaround, please upgrade to the latest version.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23736.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23736","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56436","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56441","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56447","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56435","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56419","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23736"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T14:45:46Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431898","reference_id":"2431898","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431898"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23736","reference_id":"CVE-2026-23736","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23736"},{"reference_url":"https://github.com/advisories/GHSA-hj76-42vx-jwp4","reference_id":"GHSA-hj76-42vx-jwp4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hj76-42vx-jwp4"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hj76-42vx-jwp4","reference_id":"GHSA-hj76-42vx-jwp4","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T14:45:46Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hj76-42vx-jwp4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73543?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-23736","GHSA-hj76-42vx-jwp4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkpq-qcyv-j3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49793?format=json","vulnerability_id":"VCID-sfpt-vxvw-c7eh","summary":"seroval Affected by Remote Code Execution via JSON Deserialization\nImproper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution.\n\nThe vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to perform 4 separate requests on the same function and partial knowledge of how the serialized data is used during later runtime processing.\n\nThis vulnerability affects the `fromJSON` and `fromCrossJSON` functions in a client-to-server transmission scenario.\n\nNo known workarounds or mitigations are known, so please upgrade to the patched version.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23737.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23737","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33833","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33861","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33876","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33842","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33808","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23737"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:54:58Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431896","reference_id":"2431896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431896"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23737","reference_id":"CVE-2026-23737","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23737"},{"reference_url":"https://github.com/advisories/GHSA-3rxj-6cgf-8cfw","reference_id":"GHSA-3rxj-6cgf-8cfw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rxj-6cgf-8cfw"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3rxj-6cgf-8cfw","reference_id":"GHSA-3rxj-6cgf-8cfw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:54:58Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3rxj-6cgf-8cfw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73543?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-23737","GHSA-3rxj-6cgf-8cfw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfpt-vxvw-c7eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49818?format=json","vulnerability_id":"VCID-ty6g-hy2b-63bm","summary":"Seroval affected by Denial of Service via Deeply Nested Objects\nSerialization of objects with extreme depth can **exceed the maximum call stack limit**.\n\n**Mitigation**:\n`Seroval` introduces a `depthLimit` parameter in serialization/deserialization methods. **An error will be thrown if the depth limit is reached.**","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24006.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24006.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24006","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12783","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12872","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12877","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12839","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12753","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24006"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T12:50:03Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431924","reference_id":"2431924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431924"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24006","reference_id":"CVE-2026-24006","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24006"},{"reference_url":"https://github.com/advisories/GHSA-3j22-8qj3-26mx","reference_id":"GHSA-3j22-8qj3-26mx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3j22-8qj3-26mx"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3j22-8qj3-26mx","reference_id":"GHSA-3j22-8qj3-26mx","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T12:50:03Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-3j22-8qj3-26mx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73543?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-24006","GHSA-3j22-8qj3-26mx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ty6g-hy2b-63bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49801?format=json","vulnerability_id":"VCID-wjht-rdkc-hbbm","summary":"Seroval affected by Denial of Service via Array serialization\nOverriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to **significantly increase processing time**.\n\n**Mitigation**:\n`Seroval` no longer encodes array lengths.\nInstead, it computes length using `Array.prototype.length` during deserialization.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23957.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23957","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12783","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12872","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12877","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12839","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12753","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23957"},{"reference_url":"https://github.com/lxsmnsyc/seroval","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxsmnsyc/seroval"},{"reference_url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T18:56:07Z/"}],"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431914","reference_id":"2431914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431914"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23957","reference_id":"CVE-2026-23957","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23957"},{"reference_url":"https://github.com/advisories/GHSA-66fc-rw6m-c2q6","reference_id":"GHSA-66fc-rw6m-c2q6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66fc-rw6m-c2q6"},{"reference_url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-66fc-rw6m-c2q6","reference_id":"GHSA-66fc-rw6m-c2q6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-22T18:56:07Z/"}],"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-66fc-rw6m-c2q6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73543?format=json","purl":"pkg:npm/seroval@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@1.4.1"}],"aliases":["CVE-2026-23957","GHSA-66fc-rw6m-c2q6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjht-rdkc-hbbm"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/seroval@0.11.3"}