Npmjs Npm
10 CVEs affecting Npmjs Npm. Latest disclosed: 2022-06-13. Critical: 1, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-43616 | Critical | 9.0 | 2021-11-13 | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json… |
| CVE-2021-39135 | High | 8.2 | 2021-08-31 | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guar… |
| CVE-2021-39134 | High | 8.2 | 2021-08-31 | `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to gu… |
| CVE-2018-7408 | High | 7.8 | 2018-02-22 | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" comman… |
| CVE-2019-16777 | High | 7.7 | 2019-12-13 | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritt… |
| CVE-2019-16776 | High | 7.7 | 2019-12-13 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules f… |
| CVE-2019-16775 | High | 7.7 | 2019-12-13 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_m… |
| CVE-2022-29244 | High | 7.5 | 2022-06-13 | npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--worksp… |
| CVE-2016-3956 | High | 7.5 | 2016-07-02 | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes b… |
| CVE-2020-15095 | Medium | 4.4 | 2020-07-07 | Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<u… |