8 matches found

vulnersOsv
added 2026/04/01 4:8 p.m. · 4 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +33 more potentially affected by CVE-2026-34751 via payload (>=3.0.0-alpha.46 <=3.79.0)

payload NPM version =3.0.0-alpha.46, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 and more Source cves: CVE-2026-34751 Source advisory: SNYK:JS-PAYLOAD-15871108...

9.1 CVSS · 5.8 AI score · 0.00103 EPSS
Exploits 0

vulnersOsv
added 2026/03/06 4:43 p.m. · 5 views

@george.talusan/node-red-contrib-copilot (>=0.0.5 <=1.0.5), @github/copilot-sdk (>=0.1.9 <=0.1.31-unstable.0) +19 more potentially affected by CVE-2026-29783 via @github/copilot (>=0.0.375 <=0.0.421)

@github/copilot NPM version =0.0.375, =0.0.5, =0.1.9, =1.1.0, =0.0.0, =0.0.1, =1.2.3, =0.6.0, =1.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.15 - devdoctor-js =0.1.0 and more Source cves: CVE-2026-29783 Source advisory: SNYK:JS-GITHUBCOPILOT-15468228...

7.8 CVSS · 5.4 AI score · 0.00065 EPSS
Exploits 1

vulnersOsv
added 2026/01/14 9:34 p.m. · 6 views

02.aula (=1.0.0), 19json-validator (>=0.0.3 <=0.0.4) +3293 more potentially affected by CVE-2026-24001 via diff (>=5.0.0 <=5.2.0)

diff NPM version =5.0.0, =0.0.3, =0.0.1, =0.1.23, =0.1.4, =1.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.6.0 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...

7.5 CVSS · 5.3 AI score · 0.00023 EPSS
Exploits 0

vulnersOsv
added 2026/01/13 8:29 p.m. · 4 views

@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +9 more potentially affected by unknown CVE via renovate (>=31.97.3 <=40.21.2)

renovate NPM version =31.97.3, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =1.1.130, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-RENOVATE-14927384...

5.8 AI score
Exploits 0

Github Security Blog
added 2023/12/08 9:30 p.m. · 21 views

Directory Traversal in evershop

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint...

5.4 CVSS · 6.3 AI score · 0.00052 EPSS
Exploits 0 · References 5 · Affected Software 1

RedHat Linux
added 2020/02/25 3:56 p.m. · 4 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 7.5 AI score · 0.01227 EPSS
Exploits 0 · References 4

Positive Technologies
added 2019/12/11 12:0 a.m. · 2 views

PT-2019-1106 · Npm +6

Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.3 Description: The issue is related to errors in link handling in the npm and Yarn package managers. Exploitation of this issue may allow a remote attacker to write arbitrary files by creating a symbolic link to...

9.8 CVSS · 7.3 AI score · 0.32252 EPSS
Exploits 2 · References 111

vulnersOsv
added 2019/07/05 9:7 p.m. · 3 views

0.extends.wechat (>=1.0.51 <=1.0.65), 02vue_toast_demo (>=1.0.0 <=1.0.4) +17757 more potentially affected by unknown CVE via mem (>=0.1.1 <=3.0.1)

mem NPM version =0.1.1, =1.0.51, =1.0.0, =8.3.5, =0.0.1, =2.0.0, =0.0.1-alpha.1, =1.0.0, =1.0.4, =0.0.3, =1.0.0, =0.0.2, =0.3.0, =0.23.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-4XCV-9JJX-GFJ3...

5.8 AI score
Exploits 0