uuid — CVE history (npm)
uuid
2 CVEs affect the uuid npm package (highest CVSS 7.5). Latest disclosed: 2026-04-24. Full CVE history sourced from NVD.
Summary
- Package
uuid(npm)- Total CVEs
2- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2026-04-24
Recent CVEs (top 2)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-41907 | High | 7.5 | — | 2026-04-24 | uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. |
CVE-2026-41988 | Low | 3.2 | — | 2026-04-23 | uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. |
All-time worst (top 2 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-41907 | High | 7.5 | — | 2026-04-24 | uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. |
CVE-2026-41988 | Low | 3.2 | — | 2026-04-23 | uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. |