
Search CVE reports



1 – 10 of 13 results


CVE-2023-45311

Medium priority
Needs evaluation

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that...

2 affected packages

npm, qtwebengine-opensource-src

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2017-20162

Medium priority
Needs evaluation

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression...

3 affected packages

chromium-browser, npm, qt6-webengine

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
| npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-webengine | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |

CVE-2022-29244

Medium priority
Needs evaluation

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a...

1 affected package

npm

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-43616

Medium priority
Vulnerable

** DISPUTED ** The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation,...

1 affected package

npm

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Vulnerable | Vulnerable | Not affected | Not affected | Not affected |

CVE-2021-39135

Medium priority
Needs evaluation

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction...

1 affected package

npm

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-39134

Medium priority
Needs evaluation

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the...

1 affected package

npm

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-15095

Low priority
Needs evaluation

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value...

1 affected package

npm

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-16777

Medium priority
Needs evaluation

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package...

1 affected package

npm

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-16776

Medium priority
Needs evaluation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the...

1 affected package

npm

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2019-16775

Medium priority
Needs evaluation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A...

1 affected package

npm

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |