Npm Security Vulnerabilities and Issues — Npm CVE List

Lucene search

NpmjsNpm

3 matches found

CVE•added 2019/12/13 1:15 a.m.•353 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of p...

7.7CVSS6.8AI score0.00287EPSS

CVE•added 2019/12/13 1:15 a.m.•248 views

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publ...

7.7CVSS7AI score0.003EPSS

CVE•added 2019/12/13 1:15 a.m.•213 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gai...

8.1CVSS7.4AI score0.00403EPSS