Vulnerabilities > Npmjs > NPM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-13 | CVE-2022-29244 | npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. | 7.5 |
| 2019-12-13 | CVE-2019-16776 | Path Traversal vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | 8.1 |
| 2018-02-22 | CVE-2018-7408 | Incorrect Permission Assignment for Critical Resource vulnerability in Npmjs NPM 5.7.0 An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). | 7.8 |
| 2016-07-02 | CVE-2016-3956 | Information Exposure vulnerability in multiple products The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. | 7.5 |