cyclonedx-npm
by Cyclonedx
CVEs (1)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-55849 | hig | 0.38 | — | — | Jun 19, 2026 | ## Summary A command injection vulnerability exists in `@cyclonedx/cyclonedx-npm` when the CLI is invoked with the `--workspace ` option while the environment variable `npm_execpath` is unset or empty. User‑supplied `--workspace` values are passed to a subshell… |
- risk 0.38cvss —epss —
## Summary A command injection vulnerability exists in `@cyclonedx/cyclonedx-npm` when the CLI is invoked with the `--workspace ` option while the environment variable `npm_execpath` is unset or empty. User‑supplied `--workspace` values are passed to a subshell…