HIGH | CWE-1104 | Supply Chain

NPM Dependency With Known CVE

Description

Your project depends on npm packages with publicly known vulnerabilities (CVEs) that have available fixes.

How Vezraa Detects It

We check your package.json against a curated list of recent high-severity CVEs in commonly used npm packages.
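
A manifest check of this kind can be sketched as follows. This is an added example, not Vezraa's code: the advisory list, the sample package.json, the example-pkg name and the CVE ids are constructed placeholders, and range handling is simplified to the first x.y.z found in the declared range.

```javascript
// Constructed advisory list (assumption): package name -> first fixed version.
// CVE ids are placeholders; express 4.19.2 is the version from the Fix Example.
const ADVISORIES = [
  { name: "express", fixedIn: "4.19.2", id: "CVE-XXXX-XXXXX" },
  { name: "example-pkg", fixedIn: "2.0.0", id: "CVE-XXXX-XXXXX" }, // hypothetical package
];

// Constructed package.json for illustration.
const SAMPLE_PACKAGE_JSON = `{
  "dependencies": { "express": "^4.17.1", "example-pkg": "latest" },
  "devDependencies": { "other-pkg": "1.0.0" }
}`;

// Parse the first "x.y.z" in a string into [x, y, z]; null if there is none.
function parseVersion(text) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(text);
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Flags a dependency when the first version in its declared range is below
// the fixed version. Ranges with no x.y.z (such as "*" or "latest") are
// reported as "unknown" instead of being silently passed.
function checkManifest(manifestText, advisories) {
  const manifest = JSON.parse(manifestText);
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const adv of advisories) {
    const range = declared[adv.name];
    if (range === undefined) continue; // package not used by this project
    const floor = parseVersion(range);
    let status = "unknown";
    if (floor !== null) {
      status = compareVersions(floor, parseVersion(adv.fixedIn)) < 0 ? "vulnerable" : "ok";
    }
    if (status !== "ok") findings.push({ ...adv, declared: range, status });
  }
  return findings;
}
```

package.json only declares version ranges; the lockfile records what is actually installed, so a finding here should be confirmed with npm audit.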

Real-World Impact

Known CVEs are actively exploited in the wild. Attackers scan for apps using vulnerable versions and deploy automated attacks.

Fix Example

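# Apply the fixes npm can resolve automatically:
npm audit fix
# Or install the fixed version manually:
npm install express@4.19.2
# Check that no high-severity advisories remain:
npm audit --audit-level=high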

Affected Stacks

Node.js, NPM
