Package impact
npm / basic-ftp
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44240 | high | 7.5 | 7.5 | 17d ago | basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering | |||
| CVE-2026-41324 | unknown | — | — | 1mo ago | basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A mal… | |||
| CVE-2026-39983 | unknown | — | — | 2mo ago | basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(),… | |||
| CVE-2026-27699 | unknown | — | — | 3mo ago | The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory l… |