| Release | Version |
|---|---|
| bullseye | 7.5.2+ds-2 |
| bookworm | 9.2.0~ds1-1 |
| trixie | 9.2.0~ds1-3 |
| forky | 9.2.0~ds2-2 |
| sid | 9.2.0~ds2-2 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-0775 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | npm cli Incorrect Permission Assignment Local Privilege Escalation Vul ... |
| CVE-2021-43616 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ... |
| CVE-2021-39135 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | `@npmcli/arborist`, the library that calculates dependency trees and m ... |
| CVE-2021-39134 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | `@npmcli/arborist`, the library that calculates dependency trees and m ... |
| Bug | Description |
|---|---|
| CVE-2020-15095 | Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ... |
| CVE-2019-16777 | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ... |
| CVE-2019-16776 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ... |
| CVE-2019-16775 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ... |
| CVE-2018-7408 | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ... |
| CVE-2016-3956 | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ... |
| CVE-2013-4116 | lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local us ... |