VYPR

Nvm

by Nvm Sh

Source repositories

CVEs (2)

  • CVE-2026-10796HigJun 4, 2026
    risk 0.42cvss 7.5epss 0.00

    nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `nvm install` read the available versions from the mirror's index.tab and use the selected version, without sanitization,…

  • CVE-2026-1665MedJan 29, 2026
    risk 0.35cvss epss 0.01

    A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the…