@evershop/evershop (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @evershop/evershop, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2023-46498 — CVSS 9.8 (critical): An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code…
CVE-2023-46943 — CVSS 9.1 (critical): An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is…
CVE-2023-46496 — CVSS 8.3 (high): Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via…
CVE-2025-67419 — CVSS 7.5 (high): A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's…
CVE-2023-46942 — CVSS 7.5 (high): Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive…
CVE-2025-67427 — CVSS 6.5 (medium): A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server…
CVE-2023-46499 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information…
CVE-2023-46494 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information…
CVE-2023-46495 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information…
CVE-2023-46497 — CVSS 5.4 (medium): Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via…
CVE-2023-46493 — CVSS 5.3 (medium): Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via…
CVE-2025-12919 — CVSS 3.7 (low): A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order…