Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package blamer, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2019-10807 — CVSS 9.8 (critical): Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments…
CVE-2020-8137 — CVSS 9.8 (critical): Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an…
CVE-2023-26143 — CVSS 6.5 (medium): Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not…