npmjs

Top products

The 15 most recently published vulnerabilities affecting npmjs.

• CVE-2022-25883Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. 5.3Jun 21, 2023
• CVE-2022-29244npm packing does not respect root-level ignore files in workspaces7.5Jun 13, 2022
• CVE-2021-43616The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with t...9.0Nov 13, 2021
• CVE-2021-39135UNIX Symbolic Link (Symlink) Following in @npmcli/arborist8.2Aug 31, 2021
• CVE-2021-39134UNIX Symbolic Link (Symlink) Following in @npmcli/arborist8.2Aug 31, 2021
• CVE-2021-37713Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization8.2Aug 31, 2021
• CVE-2021-37712Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2Aug 31, 2021
• CVE-2021-37701Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links8.2Aug 31, 2021
• CVE-2021-23362Regular Expression Denial of Service (ReDoS)5.3Mar 23, 2021
• CVE-2020-7754Regular Expression Denial of Service (ReDoS)7.5Oct 27, 2020
• CVE-2020-15095Sensitive information exposure through logs in npm cli4.4Jul 7, 2020
• CVE-2019-16777Arbitrary File Overwrite in npm CLI7.7Dec 13, 2019
• CVE-2019-16776Unauthorized File Access in npm CLI before before version 6.13.37.7Dec 13, 2019
• CVE-2019-16775Unauthorized File Access in npm CLI before before version 6.13.37.7Dec 13, 2019
• CVE-2018-7408An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's ...7.8Feb 22, 2018