Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package glance, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2018-3715 — CVSS 6.5 (medium): glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a…
CVE-2022-25937 — CVSS 6.5 (medium): Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root…
CVE-2018-3748 — CVSS 6.1 (medium): There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded…