Vulnerabilities in npm

25 results
CVE-2021-32804 (HIGH, EPSS 15.0%): Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
CVE-2021-32803 (HIGH, EPSS 7.8%): Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
CVE-2022-29244 (HIGH, EPSS 3.4%): npm packing does not respect root-level ignore files in workspaces
CVE-2018-11615 (EPSS 3.3%): This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to
CVE-2019-16776 (HIGH, EPSS 3.3%): Unauthorized File Access in npm CLI before version 6.13.3
CVE-2019-16775 (HIGH, EPSS 3.3%): Unauthorized File Access in npm CLI before version 6.13.3
CVE-2021-32853 (MEDIUM, EPSS 3.1%): Erxes vulnerable to Cross-site Scripting
CVE-2021-37701 (HIGH, EPSS 3.1%): Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
CVE-2018-16472 (EPSS 2.1%): A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are
CVE-2019-16777 (HIGH, EPSS 2.0%): Arbitrary File Overwrite in npm CLI
CVE-2018-16475 (EPSS 1.8%): A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server.
CVE-2021-37712 (HIGH, EPSS 1.7%): Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
CVE-2018-16473 (EPSS 1.4%): A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.
CVE-2021-37713 (HIGH, EPSS 1.2%): Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
CVE-2021-32850 (MEDIUM, EPSS 0.8%): jQuery MiniColors vulnerable to Cross-site Scripting
CVE-2018-16474 (EPSS 0.8%): A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.
CVE-2021-32851 (MEDIUM, EPSS 0.7%): jQuery MiniColors vulnerable to Cross-site Scripting
CVE-2021-32860 (MEDIUM, EPSS 0.6%): iziModal vulnerable to Cross-site Scripting
CVE-2021-32855 (MEDIUM, EPSS 0.6%): vditor vulnerable to Cross-site Scripting
CVE-2023-31999 (EPSS 0.6%): All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users.