Nvm-sh Nvm
2 CVEs affecting Nvm-sh Nvm. Latest disclosed: 2026-06-04. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-10796 | High | 7.5 | 2026-06-04 | nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `n… |
CVE-2026-1665 | | 2026-01-29 | A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget command… |