Browse all 3 CVE security advisories affecting Npm, Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.
npm, Inc. operates the npm registry, the default package manager for Node.js, enabling developers to share and reuse code. Historically, npm has faced vulnerabilities like remote code execution (RCE) and cross-site scripting (XSS) due to its package management ecosystem. Notable security characteristics include automated vulnerability scanning and dependency alerts, though npm has experienced incidents such as the 2018 malicious package event where compromised accounts published malicious code. With 3 CVEs on record, npm maintains a moderate security posture while addressing risks through continuous monitoring and response protocols.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-5423 | http-live-simulator 路径遍历漏洞 — http-live-simulatorCWE-22 | 7.5 | - | 2019-04-03 |
| CVE-2019-5422 | buttle npm package 跨站脚本漏洞 — buttleCWE-79 | 6.1 | - | 2019-04-03 |
| CVE-2018-16202 | cordova-plugin-ionic-webview 路径遍历漏洞 — cordova-plugin-ionic-webview | 7.5 | - | 2019-01-09 |
This page lists every published CVE security advisory associated with Npm, Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.