Every CVE whose affected-product data names Npmjs Npm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-43616 — CVSS 9.0 (critical): The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json…
CVE-2018-7408 — CVSS 7.8 (high): An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm…
CVE-2019-16775 — CVSS 7.7 (high): Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files…
CVE-2019-16776 — CVSS 7.7 (high): Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the…
CVE-2019-16777 — CVSS 7.7 (high): Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed…
CVE-2022-29244 — CVSS 7.5 (high): npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie…
CVE-2016-3956 — CVSS 7.5 (high): The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5…
CVE-2020-15095 — CVSS 4.4 (medium): Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs…