VulnerableCode Package Details - pkg:deb/debian/node-postcss@6.0.23-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/node-postcss@6.0.23-1

Essentials
History (5)

purl	pkg:deb/debian/node-postcss@6.0.23-1

Next non-vulnerable version	8.5.15+~cs9.3.34-1
Latest non-vulnerable version	8.5.15+~cs9.3.34-1
Risk	3.1

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-hvjq-h8w2-kug3 Aliases: CVE-2023-44270 GHSA-7fh5-64p2-3v2j	An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.	8.4.20+~cs8.0.23-1+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-qczx-2gmc-hfhc Aliases: CVE-2024-55565 GHSA-mwcw-c2x4-8c55	nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.	8.4.20+~cs8.0.23-1+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-u7tm-7cnj-efbg Aliases: CVE-2021-23566 GHSA-qrpm-p2h7-hrv2	Exposure of Sensitive Information to an Unauthorized Actor in nanoid	8.4.20+~cs8.0.23-1+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-xe9k-t7jx-wba5 Aliases: CVE-2021-23368 GHSA-hwj9-h5mp-3pm3	The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.	8.2.1+~cs5.3.23-8 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zfzz-5p91-j7g9 Aliases: CVE-2021-23382 GHSA-566m-qj78-rww5	Regular Expression Denial of Service in postcss	8.2.1+~cs5.3.23-8 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T12:06:00.402221+00:00	Debian Oval Importer	Affected by	VCID-u7tm-7cnj-efbg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T08:11:51.198545+00:00	Debian Oval Importer	Affected by	VCID-hvjq-h8w2-kug3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T07:27:57.250956+00:00	Debian Oval Importer	Affected by	VCID-qczx-2gmc-hfhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T06:25:59.127237+00:00	Debian Oval Importer	Affected by	VCID-xe9k-t7jx-wba5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T02:07:54.705277+00:00	Debian Oval Importer	Affected by	VCID-zfzz-5p91-j7g9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0