snyk-broker (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package snyk-broker, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2020-7654 — CVSS 7.5 (high): All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
CVE-2020-7650 — CVSS 6.5 (medium): All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads…
CVE-2020-7648 — CVSS 6.5 (medium): All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access…
CVE-2020-7652 — CVSS 6.5 (medium): All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to…
CVE-2020-7653 — CVSS 6.5 (medium): All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to…
CVE-2020-7649 — CVSS 4.9 (medium): This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via…
CVE-2020-7651 — CVSS 4.3 (medium): All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to…