Vulmon
npm vulnerabilities and exploits
570
VMScore
CVE-2019-13173
fstream prior to 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstre...
Fstream Project Fstream
392
VMScore
CVE-2021-39134
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed in...
Npmjs Arborist
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
294
VMScore
CVE-2013-4116
lib/npm.js in Node Packaged Modules (npm) prior to 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
Node Packaged Modules Project Node Packaged Modules
NA
CVE-2022-37257
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
Stealjs Steal 2.2.4
NA
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.
Stealjs Steal 2.2.4
570
VMScore
CVE-2022-0613
Authorization Bypass Through User-Controlled Key in NPM urijs before 1.19.8.
Uri.js Project Uri.js
Fedoraproject Fedora 35
571
VMScore
CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.8.
Url-parse Project Url-parse
668
VMScore
CVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.9.
Url-parse Project Url-parse
445
VMScore
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.7.
Url-parse Project Url-parse
383
VMScore
CVE-2022-0536
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects before 1.14.8.
Follow-redirects Project Follow-redirects