Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package shiba, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2020-7738 — CVSS 8.3 (high): All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package…
CVE-2017-1000491 — CVSS 6.1 (medium): Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.