moment — CVE history (npm)

moment

4 CVEs affect the moment npm package (highest CVSS 7.5). Latest disclosed: 2022-07-06. Full CVE history sourced from NVD.

Summary

Package
moment (npm)
Total CVEs
4
Actively exploited (CISA KEV)
0
Highest CVSS
7.5
Latest disclosed
2022-07-06

Recent CVEs (top 4)

CVESeverityCVSSKEVPublishedSummary
CVE-2022-31129High7.52022-07-06moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
CVE-2022-24785High7.52022-04-04Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
CVE-2017-18214High7.52018-03-04The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
CVE-2016-4055Medium6.52017-01-23The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

All-time worst (top 4 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2022-31129High7.52022-07-06moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
CVE-2022-24785High7.52022-04-04Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
CVE-2017-18214High7.52018-03-04The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
CVE-2016-4055Medium6.52017-01-23The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."