VYPR

apk package

wolfi/npm-doc

pkg:apk/wolfi/npm-doc

Vulnerabilities (6)

  • CVE-2025-64756 | Nov 17, 2025
    affected < 11.6.4-r0 | fixed 11.6.4-r0

    Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names.

  • CVE-2025-64118 | Med | Oct 30, 2025
    affected < 0 | fixed 0

    node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.

  • CVE-2025-5889 | Low | Jun 9, 2025
    affected < 11.4.2-r0 | fixed 11.4.2-r0

    A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l

  • CVE-2024-21538 | Hig | Nov 8, 2024
    affected < 0 | fixed 0

    Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted

  • CVE-2024-28863 | Mar 21, 2024
    affected < 10.5.1-r0 | fixed 10.5.1-r0

    node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js cl

  • CVE-2023-42282 | Feb 8, 2024
    affected < 10.4.0-r1 | fixed 10.4.0-r1

    The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
