Known Vulnerabilities for products from Npmjs
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Npmjs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-29244 json | npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace f... | 7.5 - HIGH | 2022-06-13 | 2022-10-27 |
| CVE-2022-25883 json | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function n... | 7.5 - HIGH | 2023-06-21 | 2023-11-07 |
| CVE-2021-43616 json | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-l... | 9.8 - CRITICAL | 2021-11-13 | 2023-11-07 |
| CVE-2021-39135 json | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm co... | 7.8 - HIGH | 2021-08-31 | 2023-11-07 |
| CVE-2021-39134 json | `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm ... | 7.8 - HIGH | 2021-08-31 | 2023-11-07 |
| CVE-2021-37713 json | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and a... | 8.6 - HIGH | 2021-08-31 | 2022-04-25 |
| CVE-2021-37712 json | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and a... | 8.6 - HIGH | 2021-08-31 | 2023-02-23 |
| CVE-2021-37701 json | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and ar... | 8.6 - HIGH | 2021-08-31 | 2023-01-19 |
| CVE-2021-23362 json | The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expressio... | 5.3 - MEDIUM | 2021-03-23 | 2023-08-08 |
| CVE-2020-15095 json | Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI su... | 4.4 - MEDIUM | 2020-07-07 | 2023-11-07 |
| CVE-2020-7754 json | This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to pr... | 7.5 - HIGH | 2020-10-27 | 2020-10-27 |
| CVE-2019-16777 json | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-... | 6.5 - MEDIUM | 2019-12-13 | 2023-11-07 |
| CVE-2019-16776 json | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outs... | 8.1 - HIGH | 2019-12-13 | 2023-11-07 |
| CVE-2019-16775 json | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create syml... | 6.5 - MEDIUM | 2019-12-13 | 2023-11-07 |
| CVE-2018-7408 json | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed... | 7.8 - HIGH | 2018-02-22 | 2019-10-03 |
| CVE-2016-3956 json | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.... | 7.5 - HIGH | 2016-07-02 | 2021-06-15 |
Known software with vulnerabilities from Npmjs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Npmjs | Fstream | 0.0.1 |
| Application | Npmjs | Harp | 0.21.0 |
| Application | Npmjs | M-server | 0.0.1 |
| Application | Npmjs | Npm-user-validate | 0.0.4 |