VYPR

apk package

chainguard/npm-10.8.2

pkg:apk/chainguard/npm-10.8.2

Vulnerabilities (2)

  • CVE-2025-64756Nov 17, 2025
    affected < 0fixed 0

    Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names.

  • CVE-2025-5889LowJun 9, 2025
    affected < 10.8.2-r4fixed 10.8.2-r4

    A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l