45 matches found
CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...
CVE-2026-0775
The CVE-2026-0775 entry concerns npm cli. Affected component: the module-loading path in npm cli, where modules are loaded from an unsecured location. Root cause: incorrect permission assignment that allows a local attacker who can run low-privileged code to escalate privileges and execute arbitr...
(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The...
EUVD-2018-0293
Malware in sbrugna...
EUVD-2019-0798
Malware in sbrugna...
EUVD-2019-0774
Malware in sbrugna...
EUVD-2019-0805
Malware in sbrugna...
EUVD-2020-0546
Malware in sbrugna...
MAL-2024-10848 Malicious code in npm-cli-release-please (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware feabb1bb20620ae160755e66696df9de9c058ba94e59b0cd910e81fa6a1829a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...
Rocky Linux 8 : nodejs:12 (RLSA-2020:4272)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4272 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...
Rocky Linux 8 : nodejs:10 (RLSA-2020:0579)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:0579 advisory. - Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate CVE-2019-15604 - HTTP...
Security Bulletin: IBM Integration Bus is vulnerable to denial of service due to npm CLI module [IBM X-Force ID: 237508]
Summary IBM Integration Bus is vulnerable to denial of service due to npm CLI module IBM X-Force ID: 237508. This affects the version of Node.js which is shipped with IBM Integration Bus for which a mitigation has been recommended. Vulnerability Details IBM X-Force ID: 237508 DESCRIPTION: Node.js...
MAL-2022-4933 Malicious code in npm-cli-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb10e3aadb85207426e2f19a15effbe518d2292152d572f7bdd6e0f3fd24b0e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
npm CLI Information Disclosure Vulnerability
npm CLI is a package manager from the US company npm. An information disclosure vulnerability exists in the npm CLI npm-packlist version v7.9.0 and v7.13.0, which stems from a runtime omission of the root-level .gitignore and .npmignore file exclusion directives...
CVE-2021-39135
@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...
433bf (=0.0.1), @achinet/nestjs-async (=0.0.1) +145 more potentially affected by CVE-2021-39134 via @npmcli/arborist (>=0.0.0-pre.10 <=2.10.0)
@npmcli/arborist NPM version =0.0.0-pre.10, =1.2.0, =8.1.0, =1.1.0-next.4, =0.2.7, =0.13.0, =0.0.1, =0.0.1, =0.0.29, =1.1.0-rc.283, =1.1.0-rc.282, =1.1.0-rc.292 and more Source cves: CVE-2021-39134 Source advisory: OSV:GHSA-2H3H-Q99F-3FHC...