Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Vulnerability Affects Type Published
  • H
Arbitrary File Write
npm <6.13.3 npm 12 Dec, 2019
  • H
Arbitrary File Overwrite
npm <6.13.4 npm 12 Dec, 2019
  • M
npm Token Leak
npm <2.15.1,>=3.0.0 <3.8.4 npm 20 Apr, 2016
  • M
Insertion of Sensitive Information into Log File
npm <6.14.6 npm 08 Jul, 2020
  • M
Access Restriction Bypass
npm <5.7.1 npm 21 Mar, 2018
  • M
Symlink attack due to predictable tmp folder names
npm <1.3.3 npm 13 Feb, 2017
  • L
Unauthorized File Access
npm <6.13.3 npm 12 Dec, 2019
  • H
Malicious Package
malicious-npm-package * npm 17 Nov, 2019
  • H
Malicious Package
load-from-cwd-or-npm >=3.0.2 <3.0.4 npm 18 Jul, 2019
  • H
Malicious Package
npm_scripts_test_metrics * npm 17 Sep, 2017
  • H
Malicious Package
npm-exploit * npm 17 Sep, 2017
  • H
Directory Traversal
simple-npm-registry * npm 11 Jul, 2017
  • H
Uninitialized Memory Exposure
npmconf <2.1.3 npm 13 May, 2018
  • H
Resources Downloaded over Insecure Protocol
npm-test-sqlite3-trunk * npm 04 Jan, 2017
  • M
Remote Code Execution (RCE)
npm-git-publish * npm 12 Jan, 2020
  • M
Malicious Package
npm-script-demo * npm 06 Dec, 2017
  • M
Insertion of Sensitive Information into Log File
npm-registry-fetch <4.0.5,>=5.0.0 <8.1.1 npm 08 Jul, 2020
  • L
Command Injection
npm-programmatic * npm 01 Apr, 2020
  • L
Arbitrary File Write
@pnpm/package-bins <4.0.1 npm 13 Dec, 2019