Vulnerabilities > Npmjs > NPM > 1.2.25

DATE CVE VULNERABILITY TITLE RISK
2020-07-07 CVE-2020-15095 Information Exposure Through Log Files vulnerability in multiple products
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files.
local
high complexity
npmjs opensuse fedoraproject CWE-532
4.4
4.4
2019-12-13 CVE-2019-16777 Improper Privilege Management vulnerability in multiple products
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite.
network
low complexity
npmjs opensuse oracle fedoraproject redhat CWE-269
6.5
6.5
2019-12-13 CVE-2019-16776 Path Traversal vulnerability in multiple products
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write.
network
low complexity
npmjs opensuse oracle fedoraproject redhat CWE-22
8.1
8.1
2019-12-13 CVE-2019-16775 UNIX Symbolic Link (Symlink) Following vulnerability in multiple products
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write.
network
low complexity
redhat npmjs opensuse oracle fedoraproject CWE-61
6.5
6.5
2016-07-02 CVE-2016-3956 Information Exposure vulnerability in multiple products
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
network
low complexity
ibm nodejs npmjs CWE-200
5.0
5.0