npm Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by npm
| Vulnerability | CVE | Vendor | Product | Score | Severity | EPSS |
|---|---|---|---|---|---|---|
| Denial of Service Vulnerability in Pacote Package by NPM | CVE-2026-9496 | NPM | Pacote | 8.7 | HIGH | |
| Prototype Pollution Vulnerability in parse-ini by npm | CVE-2025-63703 | npm | parse-ini | 9.8 | CRITICAL | |
| Prototype Pollution Vulnerability in Query Parser String NPM Package | CVE-2025-63704 | NPM | query-parser-string | 9.8 | CRITICAL | |
| OS Command Injection Vulnerability in Node-ts-ocr by NPM | CVE-2025-63705 | NPM | node-ts-ocr | 8.8 | HIGH | |
| Node.js Wrapper for Tesseract OCR Vulnerability Exposes Command Injection Risk | CVE-2026-26832 | npm | node-tesseract-ocr | 9.8 | CRITICAL | |
| Local Privilege Escalation Vulnerability in npm CLI by npm Inc. | CVE-2026-0775 | Npm | Cli | 7 | HIGH | |
| Prototype Pollution Vulnerability in spmrc Package Affecting Node.js Applications | CVE-2025-57327 | npm | spmrc | 7.5 | HIGH | |
| Prototype Pollution Vulnerability in cli-util by npm Inc. | CVE-2024-57078 | npm Inc. | cli-util | 7.5 | HIGH | |
| Arbitrary Code Execution and Sensitive Information Theft via isPublic() | CVE-2023-42282 | NPM | Ip | 9.8 | CRITICAL | |
| Vulnerability in Fastify OAuth2 Affects User Session Security | CVE-2023-31999 | Npm | @fastify/oauth2 | 8.8 | HIGH | |
| Command Injection | CVE-2020-7795 | Get-npm-package-v... | Get-npm-package-version | 7.3 | HIGH | |
| Command Injection | CVE-2020-28445 | Npm-help Project | Npm-help | 9.8 | CRITICAL | |
| npm packing does not respect root-level ignore files in workspaces | CVE-2022-29244 | Npm | Npm | 7.5 | HIGH | |
| Command Injection Vulnerability in npm-dependency-versions for Node.js | CVE-2022-29080 | Npm-dependency-ve... | Npm-dependency-versions | 9.8 | CRITICAL | |
| UNIX Symbolic Link (Symlink) Following in @npmcli/arborist | CVE-2021-39135 | Npm | Arborist | 8.2 | HIGH | |
| UNIX Symbolic Link (Symlink) Following in @npmcli/arborist | CVE-2021-39134 | Npm | Arborist | 8.2 | HIGH | |
| Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization | CVE-2021-37713 | Npm | Node-tar | 8.2 | HIGH | |
| Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | CVE-2021-37701 | Npm | Node-tar | 8.2 | HIGH | |
| Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | CVE-2021-37712 | Npm | Node-tar | 8.2 | HIGH | |
| Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization | CVE-2021-32804 | Npm | Node-tar | 8.2 | HIGH | 84% |
| Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning | CVE-2021-32803 | Npm | Node-tar | 8.2 | HIGH | |
| Command Injection Vulnerability in npm-programmatic by npm | CVE-2020-7614 | Npm-programmatic ... | Npm-programmatic | 9.8 | CRITICAL | |
| Arbitrary File Overwrite in npm CLI | CVE-2019-16777 | Npm | Cli | 7.7 | HIGH | |
| Unauthorized File Access in npm CLI before version 6.13.3 | CVE-2019-16776 | Npm | Cli | 7.7 | HIGH | |
| Unauthorized File Access in npm CLI before version 6.13.3 | CVE-2019-16775 | Npm | Cli | 7.7 | HIGH | |