Shescape Project Shescape — known CVE vulnerabilities
Every CVE whose affected-product data names Shescape Project Shescape, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-31180 — CVSS 9.8 (critical): Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when…
CVE-2022-31179 — CVSS 8.1 (high): Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows…
CVE-2026-32094 — CVSS 6.5 (medium): Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax for…
CVE-2023-40185 — CVSS 6.5 (medium): shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The…
CVE-2021-21384 — CVSS 6.3 (medium): shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell…
CVE-2022-24725 — CVSS 6.2 (medium): Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix…
CVE-2022-36064 — CVSS 5.9 (medium): Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use…
CVE-2022-25918 — CVSS 5.3 (medium): The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in…
CVE-2023-35931 — CVSS 3.1 (low): Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This…