async — CVE history (npm)

async

1 CVEs affect the async npm package (highest CVSS 7.8). Latest disclosed: 2022-04-06. Full CVE history sourced from NVD.

Summary

Package
async (npm)
Total CVEs
1
Actively exploited (CISA KEV)
0
Highest CVSS
7.8
Latest disclosed
2022-04-06

Recent CVEs (top 1)

CVESeverityCVSSKEVPublishedSummary
CVE-2021-43138High7.82022-04-06In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

All-time worst (top 1 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2021-43138High7.82022-04-06In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.