pkg:Debian/npm

All known vulnerabilities

• CRITICAL9.8CVE-2021-43616The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json diffe…
  from 0
• HIGH8.2CVE-2021-39134@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
  from 0
• HIGH8.2CVE-2021-39135UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
  from 0
• HIGH7.7CVE-2019-16777npm Vulnerable to Global node_modules Binary Overwrite
  from 0, < 6.13.4+ds-2
• HIGH7.7CVE-2019-16776npm symlink reference outside of node_modules
  from 0, < 6.13.4+ds-2
• HIGH7.7CVE-2019-16775Arbitrary File Write in npm
  from 0, < 6.13.4+ds-2
• HIGH7.5CVE-2016-3956npm Token Leak in npm
  from 0, < 5.8.0+ds-2
• HIGH7.0CVE-2026-0775Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
  from 0
• MEDIUM4.4CVE-2020-15095npm CLI exposing sensitive information through logs
  from 0, < 6.14.6+ds-1
• —CVE-2013-4116Local Privilege Escalation in npm
  from 0, < 1.3.10~dfsg-1