Vulnerabilities (CVE)

Filtered by vendor Npm-dependency-versions Project Subscribe
Filtered by product Npm-dependency-versions
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29080 1 Npm-dependency-versions Project 1 Npm-dependency-versions 2024-11-21 7.5 HIGH 9.8 CRITICAL
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.