npm package
nanoid
pkg:npm/nanoid
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-55565 | Med | 4.3 | >= 4.0.0, < 5.0.9 | 5.0.9 | Dec 9, 2024 | nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. | |
| CVE-2021-23566 | — | >= 3.0.0, < 3.1.31 | 3.1.31 | Jan 14, 2022 | The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated. |
- affected >= 4.0.0, < 5.0.9fixed 5.0.9
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
- CVE-2021-23566Jan 14, 2022affected >= 3.0.0, < 3.1.31fixed 3.1.31
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.