
12 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-1409

Malicious code in bioql PyPI...

10 CVSS | 4.9 AI score | 0.00461 EPSS
Exploits: 1 | References: 4
Veracode
added 2022/03/04 5:14 a.m., 16 views

OS Command Injection

npm-lockfile is vulnerable to OS command injection. An attacker is able to inject a malicious OS command to invoke a sensitive command execution API...

9.8 CVSS | 3.3 AI score | 0.00461 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2022/03/04 12:19 a.m., 36 views

CVE-2022-0841

A flaw was found in npm-lockfile, where npm-lockfile v2 did not sanitize the only parameter before invoking sensitive command execution API with the input. This issue leads to a command injection vulnerability...

10 CVSS | 3 AI score | 0.00461 EPSS
Exploits: 1 | References: 4
Github Security Blog
added 2022/03/04 12:0 a.m., 19 views

OS Command injection in npm-lockfile

npm-lockfile safely generates an npm lockfile and outputs it to the filename of your choice. npm-lockfile before 2.0.4 does not sanitize unsafe external input and invokes a sensitive command execution API with the input, causing a command injection vulnerability. A fix was released in version 2.0.5...

10 CVSS | 4.6 AI score | 0.00461 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2022/03/04 12:0 a.m., 19 views

GHSA-CR6M-62PQ-HMQH OS Command injection in npm-lockfile

npm-lockfile safely generates an npm lockfile and outputs it to the filename of your choice. npm-lockfile before 2.0.4 does not sanitize unsafe external input and invokes a sensitive command execution API with the input, causing a command injection vulnerability. A fix was released in version 2.0.5...

9.8 CVSS | 9.8 AI score | 0.00461 EPSS
Exploits: 1 | References: 4
NVD
added 2022/03/03 4:15 p.m., 8 views

CVE-2022-0841

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...

10 CVSS | 0.00461 EPSS
Exploits: 1 | References: 2
Prion
added 2022/03/03 4:15 p.m., 11 views

Command injection

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...

10 CVSS | 9.8 AI score | 0.00461 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/03/03 3:50 p.m., 13 views

CVE-2022-0841 OS Command Injection in ljharb/npm-lockfile

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...

3.8 CVSS | 10 AI score | 0.00461 EPSS
Exploits: 1 | References: 2
CVE
added 2022/03/03 3:50 p.m., 85 views

CVE-2022-0841

CVE-2022-0841 concerns OS command injection in ljharb/npm-lockfile (GitHub: npm-lockfile) for versions 2.0.3 and 2.0.4. The Red Hat entry notes a flaw where npm-lockfile v2 did not sanitize the only parameter before invoking a sensitive command execution API, enabling command injection. Other sou...

10 CVSS | 7 AI score | 0.00461 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2022/03/03 3:50 p.m., 9 views

CVE-2022-0841 OS Command Injection in ljharb/npm-lockfile

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...

3.8 CVSS | 5.1 AI score | 0.00461 EPSS
Exploits: 1 | References: 4
CNNVD
added 2022/03/03 12:0 a.m., 1 views

npm-lockfile OS command injection vulnerability

npm-lockfile is an open source tool. It can securely generate npm lockfiles and output them to a filename of your choice. A security vulnerability exists in versions prior to npm-lockfile v2.0.5, which can be exploited by attackers to perform OS command injection...

10 CVSS | 5.9 AI score | 0.00461 EPSS
Exploits: 1 | References: 4
Huntr
added 2022/02/28 7:32 p.m., 13 views

OS Command Injection

Description: npm-lockfile before 2.0.4 does not sanitize unsafe external input and invokes a sensitive command execution API with the input, causing a command injection vulnerability. Proof of Concept: // npm i [email protected] const getLockfile = require('npm-lockfile/getLockfile');...

10 CVSS | 3 AI score | 0.00461 EPSS
Exploits: 1