Vulnerabilities > Npmjs > NPM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-07 | CVE-2020-15095 | Information Exposure Through Log Files vulnerability in multiple products Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. | 4.4 |
| 2019-12-13 | CVE-2019-16777 | Improper Privilege Management vulnerability in multiple products Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. | 6.5 |
| 2019-12-13 | CVE-2019-16775 | UNIX Symbolic Link (Symlink) Following vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | 6.5 |
| 2018-02-22 | CVE-2018-7408 | Incorrect Permission Assignment for Critical Resource vulnerability in Npmjs NPM 5.7.0 An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). | 4.6 |
| 2016-07-02 | CVE-2016-3956 | Information Exposure vulnerability in multiple products The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. | 5.0 |