Browse all 3 CVE security advisories affecting sindresorhus. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Sindresorhus develops popular open-source JavaScript packages with widespread npm adoption, primarily serving as utility libraries for web development. Historically, their packages have been susceptible to cross-site scripting (XSS) vulnerabilities due to improper input sanitization and insecure handling of user-provided data. While no major security incidents have been widely documented, the three CVEs associated with the project highlight recurring issues related to insufficient output encoding and inadequate validation of external inputs. These vulnerabilities typically allow attackers to execute arbitrary code in the context of affected applications or inject malicious content into web pages, underscoring the importance of proper input handling in widely distributed utility libraries.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32630 | file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry | file-type | CWE-409 | 5.3 | Medium | 2026-03-13 |
| CVE-2026-31808 | file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header | file-type | CWE-835 | 5.3 | Medium | 2026-03-10 |
| CVE-2021-3795 | Inefficient Regular Expression Complexity in sindresorhus/semver-regex | sindresorhus/semver-regex | CWE-1333 | 7.5 | - | 2021-09-15 |
This page lists every published CVE security advisory associated with sindresorhus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.