Browse all 25 CVE security advisories affecting npm. AI-powered Chinese analysis, POCs, and references for each vulnerability.
npm is the default package manager for the JavaScript ecosystem: it distributes and installs open-source code for Node.js applications, and a single `npm install` resolves, downloads and runs code from many transitive dependencies. That central role makes it critical supply-chain infrastructure and a high-value target. The advisories recorded against npm's own tooling cluster around filesystem handling and secrets: path traversal and symlink following that let a crafted package read or overwrite files outside its install directory (CWE-22, CWE-61), credentials leaking into logs (CWE-532), and incorrect permission assignment leading to local privilege escalation (CWE-732). Compromise of what the registry serves is a separate risk: the 2018 event-stream incident, in which a maintainer handover let an attacker ship a backdoor inside a widely used module, showed how one dependency can reach every downstream project. With 25 recorded CVEs, the platform continues to face supply-chain integrity challenges. These incidents highlight the risks inherent in centralized dependency management and have driven ongoing work on provenance and verification, and on limiting the blast radius of a compromised package across global development workflows.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0775 | npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability | cli | CWE-732 | 7.8 | - | 2026-01-23 |
| CVE-2020-15095 | Sensitive information exposure through logs in npm cli | cli | CWE-532 | 4.4 | Medium | 2020-07-07 |
| CVE-2019-16777 | Arbitrary File Overwrite in npm CLI | cli | CWE-22 | 7.7 | High | 2019-12-13 |
| CVE-2019-16776 | Unauthorized File Access in npm CLI before version 6.13.3 | cli | CWE-22 | 7.7 | High | 2019-12-13 |
| CVE-2019-16775 | Unauthorized File Access in npm CLI before version 6.13.3 | cli | CWE-61 | 7.7 | High | 2019-12-13 |
This page lists every published CVE security advisory associated with npm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.