System	Score	Found at
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-hg78-c92r-hvwr
cvssv3.1	7.5	https://github.com/mqttjs/MQTT.js
generic_textual	HIGH	https://github.com/mqttjs/MQTT.js
cvssv3	7.5	https://github.com/mqttjs/MQTT.js/blob/388a084d7803934b18b43c1146c817deaa1396b1/lib/parse.js#L230
cvssv3.1	7.5	https://github.com/mqttjs/MQTT.js/blob/388a084d7803934b18b43c1146c817deaa1396b1/lib/parse.js#L230
generic_textual	HIGH	https://github.com/mqttjs/MQTT.js/blob/388a084d7803934b18b43c1146c817deaa1396b1/lib/parse.js#L230
cvssv3	7.5	https://github.com/nodejs/security-wg/blob/main/vuln/npm/140.json
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2016-1000242
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2016-1000242
cvssv3.1	7.5	https://snyk.io/vuln/npm:mqtt:20160817
generic_textual	HIGH	https://snyk.io/vuln/npm:mqtt:20160817
cvssv3.1	7.5	https://www.npmjs.com/advisories/140
generic_textual	HIGH	https://www.npmjs.com/advisories/140

Reference id	Reference type	URL
		https://github.com/mqttjs/MQTT.js
		https://github.com/mqttjs/MQTT.js/blob/388a084d7803934b18b43c1146c817deaa1396b1/lib/parse.js#L230
		https://snyk.io/vuln/npm:mqtt:20160817
		https://www.npmjs.com/advisories/140
140		https://github.com/nodejs/security-wg/blob/main/vuln/npm/140.json
CVE-2016-1000242		https://nvd.nist.gov/vuln/detail/CVE-2016-1000242
GHSA-hg78-c92r-hvwr		https://github.com/advisories/GHSA-hg78-c92r-hvwr

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mqttjs/MQTT.js

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mqttjs/MQTT.js/blob/388a084d7803934b18b43c1146c817deaa1396b1/lib/parse.js#L230

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1000242

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://snyk.io/vuln/npm:mqtt:20160817

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.npmjs.com/advisories/140

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-31T00:53:07.430734+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-hg78-c92r-hvwr	38.6.0