| 2023-09-21 | CVE-2023-41993 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
The issue was addressed with improved checks. | 8.8 |
| 2022-07-19 | CVE-2022-34169 | Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. | 7.5 |
| 2022-05-01 | CVE-2022-25647 | Deserialization of Untrusted Data vulnerability in multiple products
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | 7.5 |
| 2022-02-24 | CVE-2021-44531 | Improper Certificate Validation vulnerability in multiple products
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. | 7.4 |
| 2021-08-31 | CVE-2021-37701 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. | 8.6 |
| 2021-08-31 | CVE-2021-37712 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. | 8.6 |
| 2021-08-31 | CVE-2021-37713 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. | 8.6 |
| 2021-08-31 | CVE-2021-39134 | Improper Handling of Case Sensitivity vulnerability in multiple products
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. | 7.8 |
| 2021-08-31 | CVE-2021-39135 | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. | 7.8 |
| 2021-08-16 | CVE-2021-22940 | Use After Free vulnerability in multiple products
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | 7.5 |