npm — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting npm. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0775 | npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability | cli | CWE-732 | 7.8 | - | 2026-01-23 |
| CVE-2023-31999 | Fastify Cross-Site Request Forgery Vulnerability | @fastify/oauth2 | - | 7.1 | - | 2023-07-04 |
| CVE-2021-32851 | jQuery MiniColors vulnerable to Cross-site Scripting | mind-elixir | CWE-79 | 6.1 | Medium | 2023-02-20 |
| CVE-2021-32860 | iziModal vulnerable to Cross-site Scripting | iziModal | CWE-79 | 6.1 | Medium | 2023-02-20 |
| CVE-2021-32855 | vditor vulnerable to Cross-site Scripting | vditor | CWE-79 | 6.1 | Medium | 2023-02-20 |
| CVE-2021-32854 | textAngular text editor vulnerable to Cross-site Scripting | textangular | CWE-79 | 6.1 | Medium | 2023-02-20 |
| CVE-2021-32853 | Erxes vulnerable to Cross-site Scripting | erxes | CWE-79 | 6.1 | Medium | 2023-02-20 |
| CVE-2021-32850 | jQuery MiniColors vulnerable to Cross-site Scripting | @claviska/jquery-minicolors | CWE-79 | 6.1 | Medium | 2023-02-20 |
| CVE-2022-29244 | npm packing does not respect root-level ignore files in workspaces | npm | CWE-200 | 7.5 | - | 2022-06-13 |
| CVE-2021-39135 | UNIX Symbolic Link (Symlink) Following in @npmcli/arborist | arborist | CWE-61 | 8.2 | High | 2021-08-31 |
| CVE-2021-39134 | UNIX Symbolic Link (Symlink) Following in @npmcli/arborist | arborist | CWE-61 | 8.2 | High | 2021-08-31 |
| CVE-2021-37713 | Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization | node-tar | CWE-22 | 8.2 | High | 2021-08-31 |
| CVE-2021-37701 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | node-tar | CWE-22 | 8.2 | High | 2021-08-31 |
| CVE-2021-37712 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | node-tar | CWE-22 | 8.2 | High | 2021-08-31 |
| CVE-2021-32804 | Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization | node-tar | CWE-22 | 8.2 | High | 2021-08-03 |
| CVE-2021-32803 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning | node-tar | CWE-22 | 8.2 | High | 2021-08-03 |
| CVE-2020-15095 | Sensitive information exposure through logs in npm cli | cli | CWE-532 | 4.4 | Medium | 2020-07-07 |
| CVE-2019-16777 | Arbitrary File Overwrite in npm CLI | cli | CWE-22 | 7.7 | High | 2019-12-13 |
| CVE-2019-16776 | Unauthorized File Access in npm CLI before version 6.13.3 | cli | CWE-22 | 7.7 | High | 2019-12-13 |
| CVE-2019-16775 | Unauthorized File Access in npm CLI before version 6.13.3 | cli | CWE-61 | 7.7 | High | 2019-12-13 |
| CVE-2018-16474 | tianma-static module Cross-Site Scripting Vulnerability | tianma-static | CWE-79 | 6.1 | - | 2018-11-06 |
| CVE-2018-16473 | takeapeek module Path Traversal Vulnerability | takeapeek | CWE-22 | 5.3 | - | 2018-11-06 |
| CVE-2018-16475 | Knightjs Path Traversal Vulnerability | knightjs | CWE-22 | 7.5 | - | 2018-11-06 |
| CVE-2018-16472 | cached-path-relative Security Vulnerability | cached-path-relative | CWE-400 | 7.5 | - | 2018-11-06 |
| CVE-2018-11615 | npm mosca Security Vulnerability | npm mosca | CWE-20 | 7.5 | - | 2018-08-30 |

This page lists every published CVE security advisory associated with npm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.