Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/svelte@5.2.1
Typenpm
Namespace
Namesvelte
Version5.2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.53.5
Latest_non_vulnerable_version5.55.7
Affected_by_vulnerabilities
0
url VCID-2x29-rs51-hfha
vulnerability_id VCID-2x29-rs51-hfha
summary 
Svelte affected by cross-site scripting via spread attributes in Svelte SSR
Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27121
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01418
published_at 2026-06-09T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.0142
published_at 2026-06-08T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01425
published_at 2026-06-06T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01427
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27121
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441532
reference_id 2441532
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441532
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
reference_id CVE-2026-27121
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
5
reference_url https://github.com/advisories/GHSA-f7gr-6p89-r883
reference_id GHSA-f7gr-6p89-r883
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7gr-6p89-r883
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883
reference_id GHSA-f7gr-6p89-r883
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:31:36Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-967r-bg6y-2bd6
1
vulnerability VCID-f7b2-jqpu-27bs
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27121, GHSA-f7gr-6p89-r883
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2x29-rs51-hfha
1
url VCID-967r-bg6y-2bd6
vulnerability_id VCID-967r-bg6y-2bd6
summary 
Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
The contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27901
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.1034
published_at 2026-06-09T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10421
published_at 2026-06-05T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10441
published_at 2026-06-06T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.10399
published_at 2026-06-07T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.10315
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27901
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d
4
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442918
reference_id 2442918
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442918
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27901
reference_id CVE-2026-27901
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27901
7
reference_url https://github.com/advisories/GHSA-phwv-c562-gvmh
reference_id GHSA-phwv-c562-gvmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-phwv-c562-gvmh
8
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh
reference_id GHSA-phwv-c562-gvmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh
9
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5
reference_id svelte%405.53.5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5
fixed_packages
0
url pkg:npm/svelte@5.53.5
purl pkg:npm/svelte@5.53.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.53.5
aliases CVE-2026-27901, GHSA-phwv-c562-gvmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-967r-bg6y-2bd6
2
url VCID-bq9b-9t2h-sydd
vulnerability_id VCID-bq9b-9t2h-sydd
summary 
Svelte SSR attribute spreading includes inherited properties from prototype chain
In server-side rendering, attribute spreading on elements (e.g. `<div {...attrs}>`) enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where `Object.prototype` has already been polluted — a precondition outside of Svelte's control — this can cause unexpected attributes to appear in SSR output or cause SSR to throw errors. Client-side rendering is not affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27125
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09048
published_at 2026-06-09T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09083
published_at 2026-06-05T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.091
published_at 2026-06-06T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09079
published_at 2026-06-07T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.0902
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27125
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f
4
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441511
reference_id 2441511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441511
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27125
reference_id CVE-2026-27125
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27125
7
reference_url https://github.com/advisories/GHSA-crpf-4hrx-3jrp
reference_id GHSA-crpf-4hrx-3jrp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crpf-4hrx-3jrp
8
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp
reference_id GHSA-crpf-4hrx-3jrp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-967r-bg6y-2bd6
1
vulnerability VCID-f7b2-jqpu-27bs
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27125, GHSA-crpf-4hrx-3jrp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq9b-9t2h-sydd
3
url VCID-s9rd-dy7s-wka4
vulnerability_id VCID-s9rd-dy7s-wka4
summary 
Svelte SSR does not validate dynamic element tag names in `<svelte:element>`
When using `<svelte:element this={tag}>` in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27122
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01382
published_at 2026-06-09T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01385
published_at 2026-06-05T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01389
published_at 2026-06-06T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0139
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27122
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441520
reference_id 2441520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441520
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27122
reference_id CVE-2026-27122
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27122
5
reference_url https://github.com/advisories/GHSA-m56q-vw4c-c2cp
reference_id GHSA-m56q-vw4c-c2cp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m56q-vw4c-c2cp
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp
reference_id GHSA-m56q-vw4c-c2cp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:22:44Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-967r-bg6y-2bd6
1
vulnerability VCID-f7b2-jqpu-27bs
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27122, GHSA-m56q-vw4c-c2cp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9rd-dy7s-wka4
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.2.1