Search CVE reports


Toggle filters

11 – 13 of 13 results


CVE-2018-7408

Medium priority
Ignored

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as “next: 5.7.0” and therefore automatically installed by an “npm upgrade -g npm” command, and also announced in the vendor’s blog without mention...

1 affected package

npm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
npm Not affected Not affected
Show less packages

CVE-2016-3956

Medium priority

Some fixes available 2 of 7

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers...

1 affected package

npm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
npm Not affected Not affected Fixed Fixed
Show less packages

CVE-2013-4116

Medium priority
Ignored

lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

1 affected package

npm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
npm Not affected Not affected
Show less packages