{"url":"http://public2.vulnerablecode.io/api/packages/98382?format=json","purl":"pkg:rpm/redhat/nodejs-nodemon@2.0.19-1?arch=el9_0","type":"rpm","namespace":"redhat","name":"nodejs-nodemon","version":"2.0.19-1","qualifiers":{"arch":"el9_0"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45135?format=json","vulnerability_id":"VCID-4f1w-xpyy-2fcf","summary":"glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex\nThis affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28469.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28469","reference_id":"","reference_type":"","scores":[{"value":"0.00888","scoring_system":"epss","scoring_elements":"0.75465","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00888","scoring_system":"epss","scoring_elements":"0.75446","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00888","scoring_system":"epss","scoring_elements":"0.75431","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00888","scoring_system":"epss","scoring_elements":"0.75434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.75863","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.75887","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.75868","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.75851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76965","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76958","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76924","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76932","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76928","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76886","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76998","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76968","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00991","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469"},{"reference_url":"https://github.com/gulpjs/glob-parent","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gulpjs/glob-parent"},{"reference_url":"https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9"},{"reference_url":"https://github.com/gulpjs/glob-parent/commit/4a80667c69355c76a572a5892b0f133c8e1f457e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gulpjs/glob-parent/commit/4a80667c69355c76a572a5892b0f133c8e1f457e"},{"reference_url":"https://github.com/gulpjs/glob-parent/pull/36","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gulpjs/glob-parent/pull/36"},{"reference_url":"https://github.com/gulpjs/glob-parent/pull/36/commits/c6db86422a9731d4f3d332ce4a81c27ea6b0ee46","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gulpjs/glob-parent/pull/36/commits/c6db86422a9731d4f3d332ce4a81c27ea6b0ee46"},{"reference_url":"https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28469","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28469"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1945459","reference_id":"1945459","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1945459"},{"reference_url":"https://github.com/advisories/GHSA-ww39-953v-wcq6","reference_id":"GHSA-ww39-953v-wcq6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ww39-953v-wcq6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2438","reference_id":"RHSA-2021:2438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2865","reference_id":"RHSA-2021:2865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3280","reference_id":"RHSA-2021:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3281","reference_id":"RHSA-2021:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4626","reference_id":"RHSA-2021:4626","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4626"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"}],"fixed_packages":[],"aliases":["CVE-2020-28469","GHSA-ww39-953v-wcq6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4f1w-xpyy-2fcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33208?format=json","vulnerability_id":"VCID-7tyw-ppyt-zqgr","summary":"ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse\n### Overview\nThe `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.\n\nIf an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.\n\n### Patches\n\nThis has been patched in 1.3.6.\n\n### Steps to reproduce\n\npayload.ini\n```\n[__proto__]\npolluted = \"polluted\"\n```\n\npoc.js:\n```\nvar fs = require('fs')\nvar ini = require('ini')\n\nvar parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))\nconsole.log(parsed)\nconsole.log(parsed.__proto__)\nconsole.log(polluted)\n```\n\n```\n> node poc.js\n{}\n{ polluted: 'polluted' }\n{ polluted: 'polluted' }\npolluted\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7788","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52392","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52437","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52484","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52535","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52518","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52502","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52541","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52546","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5253","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52488","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52449","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52398","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52444","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788"},{"reference_url":"https://github.com/npm/ini","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/ini"},{"reference_url":"https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7788","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7788"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-INI-1048974","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-INI-1048974"},{"reference_url":"https://www.npmjs.com/advisories/1589","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1907444","reference_id":"1907444","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1907444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718","reference_id":"977718","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718"},{"reference_url":"https://github.com/advisories/GHSA-qqgx-2p2h-9c37","reference_id":"GHSA-qqgx-2p2h-9c37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqgx-2p2h-9c37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0485","reference_id":"RHSA-2021:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0549","reference_id":"RHSA-2021:0549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3280","reference_id":"RHSA-2021:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3281","reference_id":"RHSA-2021:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"}],"fixed_packages":[],"aliases":["CVE-2020-7788","GHSA-qqgx-2p2h-9c37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tyw-ppyt-zqgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11245?format=json","vulnerability_id":"VCID-c86y-234c-s3hu","summary":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3807.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3807","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43851","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43777","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43899","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43984","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43981","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4403","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44096","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44105","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44059","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44076","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44023","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44092","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44069","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44021","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3807"},{"reference_url":"https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/chalk/ansi-regex","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex"},{"reference_url":"https://github.com/chalk/ansi-regex/commit/419250fa510bf31b4cc672e76537a64f9332e1f1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/commit/419250fa510bf31b4cc672e76537a64f9332e1f1"},{"reference_url":"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a"},{"reference_url":"https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9"},{"reference_url":"https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8"},{"reference_url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311"},{"reference_url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774"},{"reference_url":"https://github.com/chalk/ansi-regex/releases/tag/v6.0.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/releases/tag/v6.0.1"},{"reference_url":"https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221014-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221014-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221014-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221014-0002/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007557","reference_id":"2007557","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007557"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994568","reference_id":"994568","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994568"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3807","reference_id":"CVE-2021-3807","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3807"},{"reference_url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw","reference_id":"GHSA-93q8-gq69-wqmw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4711","reference_id":"RHSA-2022:4711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4814","reference_id":"RHSA-2022:4814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5483","reference_id":"RHSA-2022:5483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5555","reference_id":"RHSA-2022:5555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3742","reference_id":"RHSA-2023:3742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3742"}],"fixed_packages":[],"aliases":["CVE-2021-3807","GHSA-93q8-gq69-wqmw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c86y-234c-s3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54255?format=json","vulnerability_id":"VCID-vg3f-8mjh-bbf5","summary":"Got allows a redirect to a UNIX socket\nThe got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33987.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33987.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-33987","reference_id":"","reference_type":"","scores":[{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74164","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74169","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74136","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74138","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74263","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74254","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74228","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74219","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74181","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74205","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74184","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74608","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0083","scoring_system":"epss","scoring_elements":"0.74638","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-33987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987"},{"reference_url":"https://github.com/sindresorhus/got","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/got"},{"reference_url":"https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc"},{"reference_url":"https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0"},{"reference_url":"https://github.com/sindresorhus/got/pull/2047","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/got/pull/2047"},{"reference_url":"https://github.com/sindresorhus/got/releases/tag/v11.8.5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/got/releases/tag/v11.8.5"},{"reference_url":"https://github.com/sindresorhus/got/releases/tag/v12.1.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/got/releases/tag/v12.1.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-33987","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-33987"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013264","reference_id":"1013264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102001","reference_id":"2102001","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102001"},{"reference_url":"https://github.com/advisories/GHSA-pfrx-2q88-qq97","reference_id":"GHSA-pfrx-2q88-qq97","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pfrx-2q88-qq97"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"}],"fixed_packages":[],"aliases":["CVE-2022-33987","GHSA-pfrx-2q88-qq97"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vg3f-8mjh-bbf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44754?format=json","vulnerability_id":"VCID-vg7c-pctm-m7gn","summary":"ReDoS in normalize-url\nThe normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33502.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33502","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57737","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57781","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57801","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57782","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57824","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57847","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57848","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.57819","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64316","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.6423","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64288","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64273","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64322","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64336","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64338","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502"},{"reference_url":"https://github.com/sindresorhus/normalize-url","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/normalize-url"},{"reference_url":"https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103"},{"reference_url":"https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33502","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33502"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210706-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210706-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210706-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210706-0001/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964461","reference_id":"1964461","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964461"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989258","reference_id":"989258","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989258"},{"reference_url":"https://github.com/advisories/GHSA-px4h-xg32-q955","reference_id":"GHSA-px4h-xg32-q955","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-px4h-xg32-q955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2931","reference_id":"RHSA-2021:2931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2932","reference_id":"RHSA-2021:2932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4711","reference_id":"RHSA-2022:4711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"}],"fixed_packages":[],"aliases":["CVE-2021-33502","GHSA-px4h-xg32-q955"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vg7c-pctm-m7gn"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs-nodemon@2.0.19-1%3Farch=el9_0"}