VYPR

npm package

nanoid

pkg:npm/nanoid

Vulnerabilities (2)

  • CVE-2024-55565MedDec 9, 2024
    affected >= 4.0.0, < 5.0.9fixed 5.0.9

    nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

  • CVE-2021-23566Jan 14, 2022
    affected >= 3.0.0, < 3.1.31fixed 3.1.31

    The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.