Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1fja-d47y-nbhk

Summary Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query (the raw request query) when Grant's session/state responses are empty. Since the attacker never initiated an OAuth authorize flow, Grant has no session to work with and produces no response, so the fallback fires. The forged profile then drives entity lookup and JWT minting. The attacker gets a valid access token for an existing user without ever contacting the OAuth provider. This vulnerability is fixed in 5.0.42.

Aliases

alias	CVE-2026-29792

alias	GHSA-wg9x-qfgw-pxhj

Fixed_packages

url	pkg:npm/%40feathersjs/authentication-oauth@5.0.42
purl	pkg:npm/%40feathersjs/authentication-oauth@5.0.42
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.42

Affected_packages

url pkg:npm/%40feathersjs/authentication-oauth@5.0.0

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.0

url pkg:npm/%40feathersjs/authentication-oauth@5.0.1

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.1

url pkg:npm/%40feathersjs/authentication-oauth@5.0.3

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.3

url pkg:npm/%40feathersjs/authentication-oauth@5.0.4

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.4

url pkg:npm/%40feathersjs/authentication-oauth@5.0.5

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.5

url pkg:npm/%40feathersjs/authentication-oauth@5.0.6

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.6

url pkg:npm/%40feathersjs/authentication-oauth@5.0.7

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.7

url pkg:npm/%40feathersjs/authentication-oauth@5.0.8

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.8

url pkg:npm/%40feathersjs/authentication-oauth@5.0.9

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.9

url pkg:npm/%40feathersjs/authentication-oauth@5.0.10

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.10

url pkg:npm/%40feathersjs/authentication-oauth@5.0.11

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.11

url pkg:npm/%40feathersjs/authentication-oauth@5.0.12

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.12

url pkg:npm/%40feathersjs/authentication-oauth@5.0.13

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.13

url pkg:npm/%40feathersjs/authentication-oauth@5.0.14

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.14

url pkg:npm/%40feathersjs/authentication-oauth@5.0.15

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.15

url pkg:npm/%40feathersjs/authentication-oauth@5.0.16

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.16

url pkg:npm/%40feathersjs/authentication-oauth@5.0.17

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.17

url pkg:npm/%40feathersjs/authentication-oauth@5.0.18

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.18

url pkg:npm/%40feathersjs/authentication-oauth@5.0.19

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.19

url pkg:npm/%40feathersjs/authentication-oauth@5.0.20

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.20

url pkg:npm/%40feathersjs/authentication-oauth@5.0.21

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.21

url pkg:npm/%40feathersjs/authentication-oauth@5.0.22

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.22

url pkg:npm/%40feathersjs/authentication-oauth@5.0.23

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.23

url pkg:npm/%40feathersjs/authentication-oauth@5.0.24

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.24

url pkg:npm/%40feathersjs/authentication-oauth@5.0.25

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.25

url pkg:npm/%40feathersjs/authentication-oauth@5.0.26

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.26

url pkg:npm/%40feathersjs/authentication-oauth@5.0.27

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.27

url pkg:npm/%40feathersjs/authentication-oauth@5.0.28

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.28

url pkg:npm/%40feathersjs/authentication-oauth@5.0.29

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.29

url pkg:npm/%40feathersjs/authentication-oauth@5.0.30

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.30

url pkg:npm/%40feathersjs/authentication-oauth@5.0.31

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.31

url pkg:npm/%40feathersjs/authentication-oauth@5.0.32

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.32

url pkg:npm/%40feathersjs/authentication-oauth@5.0.33

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.33

url pkg:npm/%40feathersjs/authentication-oauth@5.0.34

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.34

url pkg:npm/%40feathersjs/authentication-oauth@5.0.35

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.35

url pkg:npm/%40feathersjs/authentication-oauth@5.0.36

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.36

url pkg:npm/%40feathersjs/authentication-oauth@5.0.37

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.37

url pkg:npm/%40feathersjs/authentication-oauth@5.0.39

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

vulnerability	VCID-5y23-r4nf-wud7

vulnerability	VCID-gexc-1yra-8qek

vulnerability	VCID-y7f9-2t18-57br

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.39

url pkg:npm/%40feathersjs/authentication-oauth@5.0.40

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.40

url pkg:npm/%40feathersjs/authentication-oauth@5.0.41

purl pkg:npm/%40feathersjs/authentication-oauth@5.0.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fja-d47y-nbhk

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540feathersjs/authentication-oauth@5.0.41

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-29792

reference_id

reference_type

scores

value	0.0008
scoring_system	epss
scoring_elements	0.23599
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-29792

reference_url

https://github.com/feathersjs/feathers

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/feathersjs/feathers

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-29792

reference_id

CVE-2026-29792

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-29792

reference_url

https://github.com/advisories/GHSA-wg9x-qfgw-pxhj

reference_id

GHSA-wg9x-qfgw-pxhj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wg9x-qfgw-pxhj

reference_url

https://github.com/feathersjs/feathers/security/advisories/GHSA-wg9x-qfgw-pxhj

reference_id

GHSA-wg9x-qfgw-pxhj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-11T14:10:12Z/

url

https://github.com/feathersjs/feathers/security/advisories/GHSA-wg9x-qfgw-pxhj

Weaknesses

cwe_id	287
name	Improper Authentication
description	When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fja-d47y-nbhk

Vulnerability Instance