follow-redirects (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package follow-redirects, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2023-26159 — CVSS 7.3 (high): Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by…
CVE-2022-0155 — CVSS 6.5 (medium): follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2024-28849 — CVSS 6.5 (medium): follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In…
CVE-2022-0536 — CVSS 2.6 (low): Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.