npmjs
OSS Librariesoss-project
Latest CVEs
The 14 most recently published vulnerabilities affecting npmjs.
- CVE-2021-43616The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with t...9.0
- CVE-2021-39135UNIX Symbolic Link (Symlink) Following in @npmcli/arborist8.2
- CVE-2021-39134UNIX Symbolic Link (Symlink) Following in @npmcli/arborist8.2
- CVE-2021-37713Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization8.2
- CVE-2021-37701Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2
- CVE-2021-37712Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2
- CVE-2021-23362Regular Expression Denial of Service (ReDoS)5.3
- CVE-2020-7754Regular Expression Denial of Service (ReDoS)7.5
- CVE-2020-15095Sensitive information exposure through logs in npm cli4.4
- CVE-2019-16777Arbitrary File Overwrite in npm CLI7.7
- CVE-2019-16776Unauthorized File Access in npm CLI before before version 6.13.37.7
- CVE-2019-16775Unauthorized File Access in npm CLI before before version 6.13.37.7
- CVE-2018-7408An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's ...7.8
- CVE-2016-3956The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, ...7.5