Vulnerabilities > Npmjs

DATE CVE VULNERABILITY TITLE RISK
2023-06-21 CVE-2022-25883 Unspecified vulnerability in Npmjs Semver
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
network
low complexity
npmjs
7.5
7.5
2022-06-13 CVE-2022-29244 npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie.
network
low complexity
npmjs netapp
7.5
7.5
2021-11-13 CVE-2021-43616 Insufficient Verification of Data Authenticity vulnerability in multiple products
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json.
network
low complexity
npmjs netapp fedoraproject CWE-345
critical
 9.8
9.8
2021-08-31 CVE-2021-37701 The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs debian oracle siemens
8.6
8.6
2021-08-31 CVE-2021-37712 The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs debian oracle siemens
8.6
8.6
2021-08-31 CVE-2021-37713 The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs oracle siemens
8.6
8.6
2021-08-31 CVE-2021-39134 Improper Handling of Case Sensitivity vulnerability in multiple products
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
low complexity
npmjs oracle siemens CWE-178
7.8
7.8
2021-08-31 CVE-2021-39135 `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
low complexity
npmjs oracle siemens
7.8
7.8
2021-03-23 CVE-2021-23362 The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js.
network
low complexity
npmjs siemens
5.3
5.3
2020-07-07 CVE-2020-15095 Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files.
local
high complexity
npmjs opensuse fedoraproject
4.4
4.4