Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
npmjs npm vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-5485
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
Gitlabhook Project Gitlabhook 0.0.17
1 EDB exploit
7.5
CVSSv2
CVE-2021-43616
The npm ci command in npm 7.x and 8.x up to and including 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for malicious users to install ma...
Npmjs Npm
Netapp Next Generation Application Programming Interface -
Fedoraproject Fedora 35
1 Github repository
5.5
CVSSv2
CVE-2019-16776
Versions of the npm CLI before 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to ...
Npmjs Npm
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
5.5
CVSSv2
CVE-2019-16777
Versions of the npm CLI before 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequ...
Npmjs Npm
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
5
CVSSv2
CVE-2022-29244
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectiv...
Npmjs Npm
Netapp Ontap Select Deploy Administration Utility -
5
CVSSv2
CVE-2021-23362
The package hosted-git-info prior to 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Npmjs Hosted-git-info
Siemens Sinec Infrastructure Network Services
2 Github repositories
5
CVSSv2
CVE-2020-7754
This affects the package npm-user-validate prior to 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
Npmjs Npm-user-validate
5
CVSSv2
CVE-2016-3956
The CLI in npm prior to 2.15.1 and 3.x prior to 3.8.3, as used in Node.js 0.10 prior to 0.10.44, 0.12 prior to 0.12.13, 4 prior to 4.4.2, and 5 prior to 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by rea...
Ibm Sdk
Nodejs Node.js 5.6.0
Nodejs Node.js 4.4.0
Nodejs Node.js 4.3.2
Nodejs Node.js 4.3.1
Nodejs Node.js 5.2.0
Nodejs Node.js 5.1.0
Nodejs Node.js 4.2.1
Nodejs Node.js 4.1.2
Nodejs Node.js 0.12.8
Nodejs Node.js 0.12.6
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.7
Nodejs Node.js 0.10.38
Nodejs Node.js 0.10.36
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.3
Nodejs Node.js 0.10.23
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.16
Nodejs Node.js 0.10.14
Nodejs Node.js 0.10.1
4.6
CVSSv2
CVE-2018-7408
An issue exists in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local ...
Npmjs Npm 5.7.0
4.4
CVSSv2
CVE-2021-37712
The npm package "tar" (aka node-tar) prior to 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. Th...
Npmjs Tar
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »