| CVE-2018-7408 |
high |
— |
8.0 |
|
|
|
4y ago |
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's bl… |
| CVE-2019-16777 |
high |
— |
8.0 |
|
|
|
7y ago |
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For e… |
| CVE-2019-16776 |
high |
— |
8.0 |
|
|
|
7y ago |
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly … |
| CVE-2019-16775 |
high |
— |
8.0 |
|
|
|
7y ago |
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon… |
| CVE-2016-3956 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, wh… |
| CVE-2022-29244 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: nodejs and nodejs-nodemon security and bug fix update |
| CVE-2020-15095 |
medium |
— |
5.5 |
|
|
|
6y ago |
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:… |
| CVE-2026-0775 |
unknown |
— |
— |
|
|
|
4mo ago |
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker mu… |
