[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-22020":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":63,"duplicate_of":9,"upstream":64,"downstream":65,"duplicates":98,"related":99,"reserved_at":9,"published_at":118,"modified_at":119,"state":120,"summary":121,"references_raw":130,"kevs":148,"epss":149,"epss_history":152,"metrics":426,"affected":434},"CVE-2024-22020","A security flaw in Node.js  allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[],[],[66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":67},"ALPINE-CVE-2024-22020",{"_key":69},"SUSE-SU-2024:2496-1",{"_key":71},"SUSE-SU-2024:2542-1",{"_key":73},"SUSE-SU-2024:2543-1",{"_key":75},"SUSE-SU-2024:2574-1",{"_key":77},"OPENSUSE-SU-2024:14214-1",{"_key":79},"OPENSUSE-SU-2024:14435-1",{"_key":81},"DSA-5991-1",{"_key":83},"RHSA-2024:5815",{"_key":85},"OPENSUSE-SU-2025:15802-1",{"_key":87},"MGASA-2024-0282",{"_key":89},"UBUNTU-CVE-2024-22020",{"_key":91},"DEBIAN-CVE-2024-22020",{"_key":93},"RHSA-2024:5814",{"_key":95},"RHSA-2024:6147",{"_key":97},"RHSA-2024:6148",[],[100,101,102,103,104,105,106,107,108,110,112,114,116],{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":85},{"_key":87},{"_key":109},"CGA-7R4R-VHXX-2HRG",{"_key":111},"CGA-H269-F79Q-W6J5",{"_key":113},"CGA-M4JG-4M5W-494X",{"_key":115},"CGA-XRJF-83C2-FCX8",{"_key":117},"CGA-5GCV-J397-8H99","2024-07-09T01:07:28.098Z","2025-04-30T22:25:20.702Z","Deferred",{"cisa_kev":122,"cisa_ransomware":122,"cisa_vendor":9,"epss_severity":123,"epss_score":124,"severity":125,"severity_score":126,"severity_version":127,"severity_source":128,"severity_vector":129,"severity_status":120},false,"low",0.00133,"medium",6.5,"v3.0","cve.org","CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",[131,136,140,144],{"url":132,"sources":133,"tags":135},"https://hackerone.com/reports/2092749",[128,134],"nvd",[],{"url":137,"sources":138,"tags":139},"http://www.openwall.com/lists/oss-security/2024/07/11/6",[128,134],[],{"url":141,"sources":142,"tags":143},"http://www.openwall.com/lists/oss-security/2024/07/19/3",[128,134],[],{"url":145,"sources":146,"tags":147},"https://security.netapp.com/advisory/ntap-20241122-0006/",[128,134],[],[],{"date":150,"score":124,"percentile":151},"2026-06-04",0.32378,[153,157,160,163,165,168,171,174,177,180,183,186,189,192,195,199,202,205,208,211,214,217,220,223,225,228,231,234,238,241,244,247,250,253,255,258,261,264,267,270,273,276,279,282,285,289,292,295,298,302,305,308,311,314,317,320,323,326,329,333,336,339,342,345,348,351,354,357,359,362,365,368,371,375,378,381,384,387,390,393,396,399,402,405,408,411,414,417,420,423],{"date":154,"score":155,"percentile":156},"2025-11-04",0.00089,0.26076,{"date":158,"score":155,"percentile":159},"2025-11-05",0.26051,{"date":161,"score":155,"percentile":162},"2025-11-06",0.26056,{"date":164,"score":155,"percentile":162},"2025-11-07",{"date":166,"score":155,"percentile":167},"2025-11-08",0.26055,{"date":169,"score":155,"percentile":170},"2025-11-09",0.26009,{"date":172,"score":155,"percentile":173},"2025-11-10",0.25973,{"date":175,"score":155,"percentile":176},"2025-11-11",0.25984,{"date":178,"score":155,"percentile":179},"2025-11-12",0.26011,{"date":181,"score":155,"percentile":182},"2025-11-13",0.26014,{"date":184,"score":155,"percentile":185},"2025-11-14",0.26008,{"date":187,"score":155,"percentile":188},"2025-11-15",0.26001,{"date":190,"score":155,"percentile":191},"2025-11-16",0.25958,{"date":193,"score":155,"percentile":194},"2025-11-17",0.25918,{"date":196,"score":197,"percentile":198},"2025-11-18",0.00809,0.72082,{"date":200,"score":197,"percentile":201},"2025-11-19",0.7209,{"date":203,"score":197,"percentile":204},"2025-11-20",0.72097,{"date":206,"score":155,"percentile":207},"2025-11-21",0.25839,{"date":209,"score":155,"percentile":210},"2025-11-22",0.25837,{"date":212,"score":155,"percentile":213},"2025-11-23",0.25794,{"date":215,"score":155,"percentile":216},"2025-11-24",0.25769,{"date":218,"score":155,"percentile":219},"2025-11-25",0.2576,{"date":221,"score":155,"percentile":222},"2025-11-26",0.25743,{"date":224,"score":155,"percentile":222},"2025-11-27",{"date":226,"score":155,"percentile":227},"2025-11-28",0.25717,{"date":229,"score":155,"percentile":230},"2025-11-29",0.25706,{"date":232,"score":155,"percentile":233},"2025-11-30",0.25677,{"date":235,"score":236,"percentile":237},"2025-12-01",0.00079,0.23765,{"date":239,"score":236,"percentile":240},"2025-12-02",0.2378,{"date":242,"score":236,"percentile":243},"2025-12-03",0.23794,{"date":245,"score":155,"percentile":246},"2025-12-04",0.25679,{"date":248,"score":155,"percentile":249},"2025-12-05",0.25732,{"date":251,"score":155,"percentile":252},"2025-12-06",0.25739,{"date":254,"score":155,"percentile":230},"2025-12-07",{"date":256,"score":155,"percentile":257},"2025-12-08",0.25707,{"date":259,"score":155,"percentile":260},"2025-12-09",0.25756,{"date":262,"score":155,"percentile":263},"2025-12-10",0.25823,{"date":265,"score":155,"percentile":266},"2025-12-11",0.25841,{"date":268,"score":155,"percentile":269},"2025-12-12",0.25854,{"date":271,"score":155,"percentile":272},"2025-12-13",0.25859,{"date":274,"score":155,"percentile":275},"2025-12-14",0.25833,{"date":277,"score":155,"percentile":278},"2025-12-15",0.25805,{"date":280,"score":155,"percentile":281},"2025-12-16",0.25816,{"date":283,"score":155,"percentile":284},"2025-12-17",0.2589,{"date":286,"score":287,"percentile":288},"2025-12-18",0.00107,0.29781,{"date":290,"score":287,"percentile":291},"2025-12-19",0.29793,{"date":293,"score":287,"percentile":294},"2025-12-20",0.29771,{"date":296,"score":287,"percentile":297},"2025-12-21",0.29719,{"date":299,"score":300,"percentile":301},"2025-12-22",0.00145,0.35526,{"date":303,"score":300,"percentile":304},"2025-12-23",0.35523,{"date":306,"score":300,"percentile":307},"2025-12-24",0.35517,{"date":309,"score":300,"percentile":310},"2025-12-25",0.3558,{"date":312,"score":300,"percentile":313},"2025-12-26",0.35561,{"date":315,"score":300,"percentile":316},"2025-12-27",0.35576,{"date":318,"score":300,"percentile":319},"2025-12-28",0.35481,{"date":321,"score":300,"percentile":322},"2025-12-29",0.35452,{"date":324,"score":300,"percentile":325},"2025-12-30",0.35443,{"date":327,"score":300,"percentile":328},"2025-12-31",0.35502,{"date":330,"score":331,"percentile":332},"2026-01-01",0.0013,0.33348,{"date":334,"score":331,"percentile":335},"2026-01-02",0.33334,{"date":337,"score":331,"percentile":338},"2026-01-03",0.3332,{"date":340,"score":300,"percentile":341},"2026-01-04",0.35468,{"date":343,"score":300,"percentile":344},"2026-01-05",0.35449,{"date":346,"score":300,"percentile":347},"2026-01-06",0.35461,{"date":349,"score":300,"percentile":350},"2026-01-07",0.3548,{"date":352,"score":300,"percentile":353},"2026-01-08",0.35513,{"date":355,"score":300,"percentile":356},"2026-01-09",0.35509,{"date":358,"score":300,"percentile":353},"2026-01-10",{"date":360,"score":300,"percentile":361},"2026-01-11",0.35492,{"date":363,"score":300,"percentile":364},"2026-01-12",0.35432,{"date":366,"score":300,"percentile":367},"2026-01-13",0.35418,{"date":369,"score":300,"percentile":370},"2026-01-14",0.35462,{"date":372,"score":373,"percentile":374},"2026-01-15",0.0012,0.31693,{"date":376,"score":373,"percentile":377},"2026-01-16",0.31717,{"date":379,"score":373,"percentile":380},"2026-01-17",0.31713,{"date":382,"score":373,"percentile":383},"2026-01-18",0.31657,{"date":385,"score":373,"percentile":386},"2026-01-19",0.31623,{"date":388,"score":373,"percentile":389},"2026-01-20",0.31608,{"date":391,"score":373,"percentile":392},"2026-01-21",0.31557,{"date":394,"score":373,"percentile":395},"2026-01-22",0.31534,{"date":397,"score":373,"percentile":398},"2026-01-23",0.31599,{"date":400,"score":373,"percentile":401},"2026-01-24",0.31612,{"date":403,"score":373,"percentile":404},"2026-01-25",0.31542,{"date":406,"score":373,"percentile":407},"2026-01-26",0.31451,{"date":409,"score":373,"percentile":410},"2026-01-27",0.31438,{"date":412,"score":373,"percentile":413},"2026-01-28",0.31413,{"date":415,"score":373,"percentile":416},"2026-01-29",0.31369,{"date":418,"score":373,"percentile":419},"2026-01-30",0.31356,{"date":421,"score":373,"percentile":422},"2026-01-31",0.31368,{"date":424,"score":287,"percentile":425},"2026-02-01",0.29367,[427,432],{"source":128,"cvss_v2_0":9,"cvss_v3_0":428,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":126,"baseSeverity":429,"vectorString":129,"impactScore":430,"exploitabilityScore":431},"MEDIUM",9.2,2.6,{"source":134,"cvss_v2_0":9,"cvss_v3_0":433,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":126,"baseSeverity":429,"vectorString":129,"impactScore":430,"exploitabilityScore":431},[435],{"ecosystem":9,"name":436,"vendor":437,"product":436,"cpe_part":438,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":439},"node","nodejs","a",[440,447,451,455,459,463,467,471,475,479,483,487,491,495,499,503,507,511,515],{"version":441,"is_range":442,"range_type":128,"version_start":443,"version_start_type":444,"version_end":445,"version_end_type":446,"fixed_in":9},">= 4.0, \u003C 4.*",true,"4.0","including","4.*","excluding",{"version":448,"is_range":442,"range_type":128,"version_start":449,"version_start_type":444,"version_end":450,"version_end_type":446,"fixed_in":9},">= 5.0, \u003C 5.*","5.0","5.*",{"version":452,"is_range":442,"range_type":128,"version_start":453,"version_start_type":444,"version_end":454,"version_end_type":446,"fixed_in":9},">= 6.0, \u003C 6.*","6.0","6.*",{"version":456,"is_range":442,"range_type":128,"version_start":457,"version_start_type":444,"version_end":458,"version_end_type":446,"fixed_in":9},">= 7.0, \u003C 7.*","7.0","7.*",{"version":460,"is_range":442,"range_type":128,"version_start":461,"version_start_type":444,"version_end":462,"version_end_type":446,"fixed_in":9},">= 8.0, \u003C 8.*","8.0","8.*",{"version":464,"is_range":442,"range_type":128,"version_start":465,"version_start_type":444,"version_end":466,"version_end_type":446,"fixed_in":9},">= 9.0, \u003C 9.*","9.0","9.*",{"version":468,"is_range":442,"range_type":128,"version_start":469,"version_start_type":444,"version_end":470,"version_end_type":446,"fixed_in":9},">= 10.0, \u003C 10.*","10.0","10.*",{"version":472,"is_range":442,"range_type":128,"version_start":473,"version_start_type":444,"version_end":474,"version_end_type":446,"fixed_in":9},">= 11.0, \u003C 11.*","11.0","11.*",{"version":476,"is_range":442,"range_type":128,"version_start":477,"version_start_type":444,"version_end":478,"version_end_type":446,"fixed_in":9},">= 12.0, \u003C 12.*","12.0","12.*",{"version":480,"is_range":442,"range_type":128,"version_start":481,"version_start_type":444,"version_end":482,"version_end_type":446,"fixed_in":9},">= 13.0, \u003C 13.*","13.0","13.*",{"version":484,"is_range":442,"range_type":128,"version_start":485,"version_start_type":444,"version_end":486,"version_end_type":446,"fixed_in":9},">= 14.0, \u003C 14.*","14.0","14.*",{"version":488,"is_range":442,"range_type":128,"version_start":489,"version_start_type":444,"version_end":490,"version_end_type":446,"fixed_in":9},">= 15.0, \u003C 15.*","15.0","15.*",{"version":492,"is_range":442,"range_type":128,"version_start":493,"version_start_type":444,"version_end":494,"version_end_type":446,"fixed_in":9},">= 16.0, \u003C 16.*","16.0","16.*",{"version":496,"is_range":442,"range_type":128,"version_start":497,"version_start_type":444,"version_end":498,"version_end_type":446,"fixed_in":9},">= 17.0, \u003C 17.*","17.0","17.*",{"version":500,"is_range":442,"range_type":128,"version_start":501,"version_start_type":444,"version_end":502,"version_end_type":446,"fixed_in":9},">= 18.0, \u003C 18.20.4","18.0","18.20.4",{"version":504,"is_range":442,"range_type":128,"version_start":505,"version_start_type":444,"version_end":506,"version_end_type":446,"fixed_in":9},">= 19.0, \u003C 19.*","19.0","19.*",{"version":508,"is_range":442,"range_type":128,"version_start":509,"version_start_type":444,"version_end":510,"version_end_type":446,"fixed_in":9},">= 20.0, \u003C 20.15.1","20.0","20.15.1",{"version":512,"is_range":442,"range_type":128,"version_start":513,"version_start_type":444,"version_end":514,"version_end_type":446,"fixed_in":9},">= 21.0, \u003C 21.*","21.0","21.*",{"version":516,"is_range":442,"range_type":128,"version_start":517,"version_start_type":444,"version_end":518,"version_end_type":446,"fixed_in":9},">= 22.0, \u003C 22.4.1","22.0","22.4.1"]