npm vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2022-29244Highnpm: Packing does not respect root-level ignore files in workspacesCVE-2018-7408Highnpm: Incorrect Permission Assignment for Critical Resource in NPMCVE-2013-4116Lownpm: Local Privilege Escalation in npmCVE-2020-15095Mediumnpm: npm CLI exposing sensitive information through logsCVE-2019-16777Highnpm: npm Vulnerable to Global node_modules Binary OverwriteCVE-2019-16776Highnpm: npm symlink reference outside of node_modulesCVE-2019-16775Highnpm: Arbitrary File Write in npmCVE-2016-3956Highnpm: npm Token Leak in npm

Stop the waste.
Protect your environment with Kodem.