Sindresorhus File-type — known CVE vulnerabilities
Every CVE whose affected-product data names Sindresorhus File-type, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-36313 — CVSS 5.5 (medium): An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the…
CVE-2026-31808 — CVSS 5.3 (medium): file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF (WMV/WMA)…
CVE-2026-32630 — CVSS 5.3 (medium): file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth…