Vulmon
npm vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-3772
Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed a malicious user to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead.
Whereis Project Whereis
9.8
CVSSv3
CVE-2023-37478
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or wh...
Pnpm Pnpm
2 Github repositories
9.8
CVSSv3
CVE-2022-0401
Path Traversal in NPM w-zip before 1.0.12.
W-zip Project W-zip
7.8
CVSSv3
CVE-2022-0520
Use After Free in NPM radare2.js before 5.6.2.
Radare Radare2
Fedoraproject Fedora 35
Fedoraproject Fedora 36
5.3
CVSSv3
CVE-2019-5438
Path traversal using symlink in npm harp module versions <= 0.29.0.
Harpjs Harp
6.1
CVSSv3
CVE-2022-0437
Cross-site Scripting (XSS) - DOM in NPM karma before 6.3.14.
Karma Project Karma
9.8
CVSSv3
CVE-2020-8149
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Logkitty Project Logkitty
1 Github repository
5.3
CVSSv3
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.6.
Url-parse Project Url-parse
7.1
CVSSv3
CVE-2022-0522
Access of Memory Location Before Start of Buffer in NPM radare2.js before 5.6.2.
Radare Radare2
Fedoraproject Fedora 35
Fedoraproject Fedora 36
9.8
CVSSv3
CVE-2020-8178
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
Jison Project Jison