VYPR

Node Tmp

by Raszi

Source repositories

CVEs (3)

  • CVE-2026-49982HigJun 11, 2026
    risk 0.46cvss 8.2epss 0.01

    tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value (Array, Buffer, or any…

  • CVE-2026-44705HigJun 11, 2026
    risk 0.46cvss 8.2epss 0.00

    tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal…

  • CVE-2025-54798Aug 7, 2025
    risk 0.00cvss epss 0.00

    tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.