sindresorhus

Security Risk Profile

/100

low

Security Risk Score

Comprehensive risk assessment based on 3 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from July 21, 2022 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

5.4

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

19/100

low

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

No CWE data available

Most Affected Products

1. npm/file-type4

2. sindresorhus File-type Node.js4

3. redhat/file-type3

4. File-type Project File-type Node.js2

5. IBM watsonx.data1

Recent Vulnerabilities

See more →

CVE-2026-32630

CVSS 5.3EPSS 0%medium

file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry

3/13/2026

CVE-2026-31808

CVSS 5.3EPSS 0%medium

file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header

Monitor sindresorhus in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo