Known Vulnerabilities for products from Npmjs
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Npmjs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43616 | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-l... | 9.8 - CRITICAL | 2021-11-13 | 2023-11-07 |
| CVE-2021-39135 | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm co... | 7.8 - HIGH | 2021-08-31 | 2023-11-07 |
| CVE-2021-39134 | `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm ... | 7.8 - HIGH | 2021-08-31 | 2023-11-07 |
| CVE-2021-37713 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and a... | 8.6 - HIGH | 2021-08-31 | 2022-04-25 |
| CVE-2021-37712 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and a... | 8.6 - HIGH | 2021-08-31 | 2023-02-23 |
| CVE-2021-37701 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and ar... | 8.6 - HIGH | 2021-08-31 | 2023-01-19 |
| CVE-2021-23362 | The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expressio... | 5.3 - MEDIUM | 2021-03-23 | 2023-08-08 |
| CVE-2020-15095 | Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI su... | 4.4 - MEDIUM | 2020-07-07 | 2023-11-07 |
| CVE-2020-7754 | This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to pr... | 7.5 - HIGH | 2020-10-27 | 2020-10-27 |
| CVE-2019-16777 | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-... | 6.5 - MEDIUM | 2019-12-13 | 2023-11-07 |
| CVE-2019-16776 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outs... | 8.1 - HIGH | 2019-12-13 | 2023-11-07 |
| CVE-2019-16775 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create syml... | 6.5 - MEDIUM | 2019-12-13 | 2023-11-07 |
| CVE-2018-7408 | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed... | 7.8 - HIGH | 2018-02-22 | 2019-10-03 |
| CVE-2016-3956 | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.... | 7.5 - HIGH | 2016-07-02 | 2021-06-15 |
Known software with vulnerabilities from Npmjs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Npmjs | Fstream | 0.0.1 |
| Application | Npmjs | Harp | 0.21.0 |
| Application | Npmjs | M-server | 0.0.1 |
| Application | Npmjs | Npm-user-validate | 0.0.4 |