Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
npmjs npm vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-23362
The package hosted-git-info prior to 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Npmjs Hosted-git-info
Siemens Sinec Infrastructure Network Services
2 Github repositories
8.6
CVSSv3
CVE-2021-37713
The npm package "tar" (aka node-tar) prior to 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is no...
Npmjs Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
8.6
CVSSv3
CVE-2021-37712
The npm package "tar" (aka node-tar) prior to 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. Th...
Npmjs Tar
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
8.6
CVSSv3
CVE-2021-37701
The npm package "tar" (aka node-tar) prior to 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. Thi...
Npmjs Tar
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
10
CVSSv3
CVE-2019-5485
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
Gitlabhook Project Gitlabhook 0.0.17
1 EDB exploit
7.5
CVSSv3
CVE-2016-3956
The CLI in npm prior to 2.15.1 and 3.x prior to 3.8.3, as used in Node.js 0.10 prior to 0.10.44, 0.12 prior to 0.12.13, 4 prior to 4.4.2, and 5 prior to 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by rea...
Ibm Sdk
Nodejs Node.js 5.6.0
Nodejs Node.js 4.4.0
Nodejs Node.js 4.3.2
Nodejs Node.js 4.3.1
Nodejs Node.js 5.2.0
Nodejs Node.js 5.1.0
Nodejs Node.js 4.2.1
Nodejs Node.js 4.1.2
Nodejs Node.js 0.12.8
Nodejs Node.js 0.12.6
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.7
Nodejs Node.js 0.10.38
Nodejs Node.js 0.10.36
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.3
Nodejs Node.js 0.10.23
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.16
Nodejs Node.js 0.10.14
Nodejs Node.js 0.10.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2