VIR Vulnerability Intelligence Relay

Package impact

npm npm / npm

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2018-7408 high 8.0 4y ago An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's bl… archdebiannpm
CVE-2019-16777 high 8.0 7y ago Important: nodejs:10 security update archsuserockylinuxdebian+1
CVE-2019-16776 high 8.0 7y ago Important: nodejs:10 security update archsuserockylinuxdebian+1
CVE-2019-16775 high 8.0 7y ago Important: nodejs:10 security update archsuserockylinuxdebian+1
CVE-2016-3956 high 7.5 7.5 10y ago The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, wh… susedebiannpm
CVE-2022-29244 medium 5.5 4y ago Moderate: nodejs and nodejs-nodemon security and bug fix update redhatsuserockylinuxnpm
CVE-2020-15095 medium 5.5 6y ago Moderate: nodejs:10 security update suserockylinuxdebiannpm
CVE-2013-4116 low 3.3 12y ago lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking a… debiannpm
CVE-2026-0775 unknown 4mo ago npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker mu… susedebiannpm