Package impact
npm / npm
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-29244 | medium | — | 5.5 | 4y ago | Moderate: nodejs and nodejs-nodemon security and bug fix update | |||
| CVE-2020-15095 | medium | — | 5.5 | 6y ago | Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:… | |||
| CVE-2013-4116 | low | — | 3.3 | 12y ago | lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking a… | |||
| CVE-2026-0775 | unknown | — | — | 4mo ago | npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker mu… |