Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
npm vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2021-26700
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
Microsoft Visual Studio Code Npm-script Extension
2 Github repositories
5
CVSSv2
CVE-2022-29244
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectiv...
Npmjs Npm
Netapp Ontap Select Deploy Administration Utility -
7.5
CVSSv2
CVE-2021-43616
The npm ci command in npm 7.x and 8.x up to and including 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for malicious users to install ma...
Npmjs Npm
Netapp Next Generation Application Programming Interface -
Fedoraproject Fedora 35
1 Github repository
1.9
CVSSv2
CVE-2020-15095
Versions of the npm CLI before 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is no...
Npmjs Npm
Opensuse Leap 15.1
Opensuse Leap 15.2
Fedoraproject Fedora 33
3.5
CVSSv2
CVE-2019-12954
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT.
Solarwinds Network Performance Monitor Orion Platform 2018 Netpath 1.1.3
Solarwinds Network Performance Monitor Orion Platform 2018 Npm 12.3
5.5
CVSSv2
CVE-2019-16776
Versions of the npm CLI before 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to ...
Npmjs Npm
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
5.5
CVSSv2
CVE-2019-16777
Versions of the npm CLI before 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequ...
Npmjs Npm
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
4
CVSSv2
CVE-2019-16775
Versions of the npm CLI before 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would all...
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Npmjs Npm
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.2
Fedoraproject Fedora 31
4.4
CVSSv2
CVE-2021-39135
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into...
Npmjs Arborist
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
5
CVSSv2
CVE-2016-3956
The CLI in npm prior to 2.15.1 and 3.x prior to 3.8.3, as used in Node.js 0.10 prior to 0.10.44, 0.12 prior to 0.12.13, 4 prior to 4.4.2, and 5 prior to 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by rea...
Ibm Sdk
Nodejs Node.js 5.6.0
Nodejs Node.js 4.4.0
Nodejs Node.js 4.3.2
Nodejs Node.js 4.3.1
Nodejs Node.js 5.2.0
Nodejs Node.js 5.1.0
Nodejs Node.js 4.2.1
Nodejs Node.js 4.1.2
Nodejs Node.js 0.12.8
Nodejs Node.js 0.12.6
Nodejs Node.js 0.10.9
Nodejs Node.js 0.10.7
Nodejs Node.js 0.10.38
Nodejs Node.js 0.10.36
Nodejs Node.js 0.10.31
Nodejs Node.js 0.10.3
Nodejs Node.js 0.10.23
Nodejs Node.js 0.10.21
Nodejs Node.js 0.10.16
Nodejs Node.js 0.10.14
Nodejs Node.js 0.10.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »