Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how npmjs compares to other vendors in security performance

View Risk Score →

npm/semverVersions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (…

Risk 46
Severity
7.5
First published (updated )
CVE-2022-25883

redhat/Node.jsnpm packing does not respect root-level ignore files in workspaces

Risk 45
Severity
7.5
First published (updated )
CVE-2022-29244

npmjs npmThe npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency…

Risk 86
Severity
9.8
First published (updated )
CVE-2021-43616

Oracle GraalVMUNIX Symbolic Link (Symlink) Following in @npmcli/arborist

Risk 57
Severity
8.2
First published (updated )
CVE-2021-39134

npm/tarArbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Risk 73
Severity
8.6
First published (updated )
CVE-2021-37713
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npmjs Arborist Node.jsUNIX Symbolic Link (Symlink) Following in @npmcli/arborist

Risk 57
Severity
8.2
First published (updated )
CVE-2021-39135

npmjs Tar Node.jsArbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Risk 75
Severity
8.6
First published (updated )
CVE-2021-37712

redhat/nodejs-tarArbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Risk 75
Severity
8.6
First published (updated )
CVE-2021-37701

IBM Cloud Pak for Security (CP4S)Regular Expression Denial of Service (ReDoS)

Risk 45
Severity
7.5
First published (updated )
CVE-2021-23362

IBM Cloud Pak for Security (CP4S)Regular Expression Denial of Service (ReDoS)

Risk 45
Severity
7.5
First published (updated )
CVE-2020-7754
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

openSUSE LeapSensitive information exposure through logs in npm cli

Risk 26
Severity
4.4
First published (updated )
CVE-2020-15095

redhat/nodejsArbitrary File Overwrite in npm CLI

Risk 55
Severity
7.7
First published (updated )
CVE-2019-16777

redhat/nodejsUnauthorized File Access in npm CLI before before version 6.13.3

Risk 55
Severity
7.7
First published (updated )
CVE-2019-16775

redhat/nodejsUnauthorized File Access in npm CLI before before version 6.13.3

Risk 62
Severity
8.1
First published (updated )
CVE-2019-16776

npmjs npmAn issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefor…

Risk 69
Severity
7.8
First published (updated )
CVE-2018-7408
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nodejs Node.jsInfoleak

Risk 43
Severity
7.5
First published (updated )
CVE-2016-3956

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203