Vulmon
npm vulnerabilities and exploits
7.5
CVSSv2
CVE-2018-3772
Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed a malicious user to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead.
Whereis Project Whereis
NA
CVE-2023-37478
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or wh...
Pnpm Pnpm
2 Github repositories
7.5
CVSSv2
CVE-2022-0401
Path Traversal in NPM w-zip before 1.0.12.
W-zip Project W-zip
5
CVSSv2
CVE-2019-5438
Path traversal using symlink in npm harp module versions <= 0.29.0.
Harpjs Harp
6.8
CVSSv2
CVE-2022-0520
Use After Free in NPM radare2.js before 5.6.2.
Radare Radare2
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4.3
CVSSv2
CVE-2022-0437
Cross-site Scripting (XSS) - DOM in NPM karma before 6.3.14.
Karma Project Karma
7.5
CVSSv2
CVE-2020-8149
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Logkitty Project Logkitty
1 Github repository
5
CVSSv2
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.6.
Url-parse Project Url-parse
5.8
CVSSv2
CVE-2022-0522
Access of Memory Location Before Start of Buffer in NPM radare2.js before 5.6.2.
Radare Radare2
Fedoraproject Fedora 35
Fedoraproject Fedora 36
10
CVSSv2
CVE-2020-8178
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
Jison Project Jison