Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package tmp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-44705 — CVSS 8.2 (high): tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that…
CVE-2026-49982 — CVSS 8.2 (high): tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values…
CVE-2025-54798 — CVSS 2.5 (low): tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file /…