| Bug | jessie | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2021-43616 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ... |
| CVE-2021-39135 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | `@npmcli/arborist`, the library that calculates dependency trees and m ... |
| CVE-2021-39134 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | `@npmcli/arborist`, the library that calculates dependency trees and m ... |
| CVE-2020-15095 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ... |
| CVE-2019-16777 | vulnerable | fixed | fixed | fixed | fixed | fixed | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ... |
| CVE-2019-16776 | vulnerable | fixed | fixed | fixed | fixed | fixed | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ... |
| CVE-2019-16775 | vulnerable | fixed | fixed | fixed | fixed | fixed | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ... |
| CVE-2016-3956 | vulnerable | fixed | fixed | fixed | fixed | fixed | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ... |