request — CVE history (npm)

request

2 CVEs affect the request npm package (highest CVSS 6.1). Latest disclosed: 2023-03-16. Full CVE history sourced from NVD.

Summary

Package
request (npm)
Total CVEs
2
Actively exploited (CISA KEV)
0
Highest CVSS
6.1
Latest disclosed
2023-03-16

Recent CVEs (top 2)

CVESeverityCVSSKEVPublishedSummary
CVE-2023-28155Medium6.12023-03-16The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
CVE-2017-16026Medium5.92018-06-04Request is an http client.

All-time worst (top 2 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2023-28155Medium6.12023-03-16The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
CVE-2017-16026Medium5.92018-06-04Request is an http client.