node-fetch — CVE history (npm)

node-fetch

3 CVEs affect the node-fetch npm package (highest CVSS 6.1). Latest disclosed: 2022-08-01. Full CVE history sourced from NVD.

Summary

Package: node-fetch (npm)
Total CVEs: 3
Actively exploited (CISA KEV): 0
Highest CVSS: 6.1
Latest disclosed: 2022-08-01

Recent CVEs (top 3)

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-2596 | Medium | 5.9 | | 2022-08-01 | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. |
| CVE-2022-0235 | Medium | 6.1 | | 2022-01-16 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2020-15168 | Low | 2.6 | | 2020-09-10 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without fail… |

All-time worst (top 3 by CVSS)

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-0235 | Medium | 6.1 | | 2022-01-16 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2022-2596 | Medium | 5.9 | | 2022-08-01 | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. |
| CVE-2020-15168 | Low | 2.6 | | 2020-09-10 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without fail… |