CRITICAL 9.8 CVE-2021-43616: The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json diffe…
from 0
HIGH 8.2 CVE-2021-39134: @npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
from 0
HIGH 8.2 CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
from 0
HIGH 7.7: npm Vulnerable to Global node_modules Binary Overwrite
from 0, < 6.13.4+ds-2
HIGH 7.7: npm symlink reference outside of node_modules
from 0, < 6.13.4+ds-2
HIGH 7.7: Arbitrary File Write in npm
from 0, < 6.13.4+ds-2
HIGH 7.5: npm Token Leak in npm
from 0, < 5.8.0+ds-2
HIGH 7.0: Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
from 0
MEDIUM 4.4: npm CLI exposing sensitive information through logs
from 0, < 6.14.6+ds-1
— Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function.