Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/aaptjs@1.2.2
purl pkg:npm/aaptjs@1.2.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-4p53-j569-tffc
Aliases:
CVE-2020-36381
GHSA-7fw7-gh23-f832
Improper Neutralization of Special Elements used in a Command ('Command Injection') An issue was discovered in the singleCrunch function in shenzhim aaptjs, allows attackers to execute arbitrary code via the filePath parameters. There are no reported fixed by versions.
VCID-9xuw-w21f-9qad
Aliases:
CVE-2020-36377
GHSA-r496-7hgp-53wf
Improper Neutralization of Special Elements used in a Command ('Command Injection') An issue was discovered in the dump function in shenzhim aaptjs, allows attackers to execute arbitrary code via the filePath parameters. There are no reported fixed by versions.
VCID-ppbc-y94c-j7d3
Aliases:
CVE-2020-36378
GHSA-4qwq-q4pr-rr7r
Improper Neutralization of Special Elements used in a Command ('Command Injection') An issue was discovered in the packageCmd function in shenzhim aaptjs, allows attackers to execute arbitrary code via the filePath parameters. There are no reported fixed by versions.
VCID-rbey-r8ps-myfv
Aliases:
CVE-2020-36380
GHSA-m7p2-ghfh-pjvx
Improper Neutralization of Special Elements used in a Command ('Command Injection') An issue was discovered in the crunch function in shenzhim aaptjs, allows attackers to execute arbitrary code via the filePath parameters. There are no reported fixed by versions.
VCID-xp3p-br7j-skgd
Aliases:
CVE-2020-36379
GHSA-9cq3-fj2h-ggj5
Improper Neutralization of Special Elements used in a Command ('Command Injection') An issue was discovered in the remove function in shenzhim aaptjs, allows attackers to execute arbitrary code via the filePath parameters. There are no reported fixed by versions.
VCID-zwdz-z74g-5bh9
Aliases:
CVE-2020-36376
GHSA-4g7x-7vgq-3j28
Improper Neutralization of Special Elements used in a Command ('Command Injection') An issue was discovered in the list function in shenzhim aaptjs, allows attackers to execute arbitrary code via the filePath parameters. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T01:04:44.045453+00:00 GitLab Importer Affected by VCID-ppbc-y94c-j7d3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/aaptjs/CVE-2020-36378.yml 38.6.0
2026-06-06T01:04:41.434942+00:00 GitLab Importer Affected by VCID-zwdz-z74g-5bh9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/aaptjs/CVE-2020-36376.yml 38.6.0
2026-06-06T01:04:36.647876+00:00 GitLab Importer Affected by VCID-9xuw-w21f-9qad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/aaptjs/CVE-2020-36377.yml 38.6.0
2026-06-06T01:04:34.160480+00:00 GitLab Importer Affected by VCID-xp3p-br7j-skgd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/aaptjs/CVE-2020-36379.yml 38.6.0
2026-06-06T01:04:31.147391+00:00 GitLab Importer Affected by VCID-4p53-j569-tffc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/aaptjs/CVE-2020-36381.yml 38.6.0
2026-06-06T01:04:26.764898+00:00 GitLab Importer Affected by VCID-rbey-r8ps-myfv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/aaptjs/CVE-2020-36380.yml 38.6.0