VulnerableCode Package Details - pkg:npm/postcss@7.0.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/postcss@7.0.2

Essentials
History (4)

purl	pkg:npm/postcss@7.0.2

Next non-vulnerable version	8.5.10
Latest non-vulnerable version	8.5.10
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-a8y9-84au-zyar Aliases: CVE-2021-23382 GHSA-566m-qj78-rww5		7.0.36 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.2.13 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-b47r-t8mv-xkd4 Aliases: CVE-2023-44270 GHSA-7fh5-64p2-3v2j	PostCSS line return parsing error An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be `\r` discrepancies, as demonstrated by `@font-face{ font:(\r/*);}` in a rule. This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.	8.4.31 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-m3s6-bzgu-b3d4 Aliases: CVE-2026-41305 GHSA-qx2v-qp2m-jg93		8.5.10 Affected by 0 other vulnerabilities.
VCID-u236-buqn-cuhe Aliases: CVE-2021-23368 GHSA-hwj9-h5mp-3pm3		7.0.36 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 8.2.10 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T10:57:06.648327+00:00	GitLab Importer	Affected by	VCID-m3s6-bzgu-b3d4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/postcss/CVE-2026-41305.yml	38.6.0
2026-06-01T07:39:41.461186+00:00	GitLab Importer	Affected by	VCID-b47r-t8mv-xkd4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/postcss/CVE-2023-44270.yml	38.6.0
2026-06-01T06:07:07.707112+00:00	GitLab Importer	Affected by	VCID-a8y9-84au-zyar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/postcss/CVE-2021-23382.yml	38.6.0
2026-06-01T06:05:59.061210+00:00	GitLab Importer	Affected by	VCID-u236-buqn-cuhe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/postcss/CVE-2021-23368.yml	38.6.0