Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package debug, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2025-59144: debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack…
CVE-2017-16137 — CVSS 5.3 (medium): The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes…
CVE-2017-20165 — CVSS 3.5 (low): A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file…