Vulmon
npm vulnerabilities and exploits
7.5
CVSSv3
CVE-2019-13173
fstream prior to 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstre...
Fstream Project Fstream
NA
CVE-2013-4116
lib/npm.js in Node Packaged Modules (npm) prior to 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
Node Packaged Modules Project Node Packaged Modules
7.8
CVSSv3
CVE-2021-39134
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed in...
Npmjs Arborist
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
9.8
CVSSv3
CVE-2022-37257
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
Stealjs Steal 2.2.4
9.8
CVSSv3
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.
Stealjs Steal 2.2.4
6.5
CVSSv3
CVE-2022-0613
Authorization Bypass Through User-Controlled Key in NPM urijs before 1.19.8.
Uri.js Project Uri.js
Fedoraproject Fedora 35
9.8
CVSSv3
CVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.9.
Url-parse Project Url-parse
5.3
CVSSv3
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.7.
Url-parse Project Url-parse
9.1
CVSSv3
CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.8.
Url-parse Project Url-parse
5.9
CVSSv3
CVE-2022-0536
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects before 1.14.8.
Follow-redirects Project Follow-redirects