Vulmon
npm vulnerabilities and exploits
668
VMScore
CVE-2018-3772
Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed a malicious user to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead.
Whereis Project Whereis
NA
CVE-2023-37478
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or wh...
Pnpm Pnpm
2 Github repositories
668
VMScore
CVE-2022-0401
Path Traversal in NPM w-zip before 1.0.12.
W-zip Project W-zip
605
VMScore
CVE-2022-0520
Use After Free in NPM radare2.js before 5.6.2.
Radare Radare2
Fedoraproject Fedora 35
Fedoraproject Fedora 36
445
VMScore
CVE-2019-5438
Path traversal using symlink in npm harp module versions <= 0.29.0.
Harpjs Harp
383
VMScore
CVE-2022-0437
Cross-site Scripting (XSS) - DOM in NPM karma before 6.3.14.
Karma Project Karma
668
VMScore
CVE-2020-8149
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Logkitty Project Logkitty
1 Github repository
445
VMScore
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.6.
Url-parse Project Url-parse
516
VMScore
CVE-2022-0522
Access of Memory Location Before Start of Buffer in NPM radare2.js before 5.6.2.
Radare Radare2
Fedoraproject Fedora 35
Fedoraproject Fedora 36
890
VMScore
CVE-2020-8178
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
Jison Project Jison