Vulmon
npm vulnerabilities and exploits
5
CVSSv2
CVE-2022-0355
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get before 4.0.1.
Simple-get Project Simple-get 4.0.0
Simple-get Project Simple-get
5
CVSSv2
CVE-2020-10953
In GitLab EE 11.7 up to and including 12.9, the NPM feature is vulnerable to a path traversal issue.
Gitlab Gitlab
5
CVSSv2
CVE-2020-8237
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
Json-bigint Project Json-bigint
7.5
CVSSv2
CVE-2019-5413
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
Morgan Project Morgan
3 Github repositories
7.5
CVSSv2
CVE-2017-1000219
npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user
Windows-cpu Project Windows-cpu 0.1.2
Windows-cpu Project Windows-cpu 0.1.1
6.5
CVSSv2
CVE-2020-7596
Codecov npm module prior to 3.6.2 allows remote malicious users to execute arbitrary commands via the "gcov-args" argument.
Codecov Nodejs Uploader
7.5
CVSSv2
CVE-2021-40663
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
Deep.assign Project Deep.assign 0.0.0
5
CVSSv2
CVE-2019-5480
A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows malicious users to list files in arbitrary folders.
Statichttpserver Project Statichttpserver
NA
CVE-2023-36821
Uptime Kuma, a self-hosted monitoring tool, allows an authenticated malicious user to install a maliciously crafted plugin in versions before 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugin...
Uptime-kuma Project Uptime-kuma
5
CVSSv2
CVE-2017-16049
`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Nodesqlite Project Nodesqlite