Release | Version |
---|---|
buster | 5.8.0+ds6-4+deb10u2 |
bullseye | 7.5.2+ds-2 |
bookworm | 9.2.0~ds1-1 |
trixie | 9.2.0~ds1-2 |
sid | 9.2.0~ds1-2 |
Bug | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|
CVE-2021-43616 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ... |
CVE-2021-39135 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | `@npmcli/arborist`, the library that calculates dependency trees and m ... |
CVE-2021-39134 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | `@npmcli/arborist`, the library that calculates dependency trees and m ... |
Bug | Description |
---|---|
CVE-2020-15095 | Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ... |
CVE-2019-16777 | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ... |
CVE-2019-16776 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ... |
CVE-2019-16775 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ... |
CVE-2018-7408 | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ... |
CVE-2016-3956 | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ... |
CVE-2013-4116 | lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local us ... |