Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/acorn@6.4.1
purl pkg:npm/acorn@6.4.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-4t4e-47cq-2ffx Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) **Withdrawn** GitHub has withdrawn this advisory in place of GHSA-vh95-rmgr-6w4m and GHSA-6chw-6frg-f759. The reason for withdrawing is that some mistakes were made during the ingestion of CVE-2020-7598 which caused this advisory to be published with incorrect information. In order to provide accurate advisory information, new advisories were created: - minimist: https://github.com/advisories/GHSA-vh95-rmgr-6w4m - acorn: https://github.com/advisories/GHSA-6chw-6frg-f759 GHSA-7fhm-mqm4-2wp7
VCID-9eyp-2a6k-xya4 Regular Expression Denial of Service in Acorn Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes untrusted input and passes it directly to acorn, attackers may leverage the vulnerability leading to Denial of Service. GHSA-6chw-6frg-f759
GMS-2020-702
VCID-znj9-9zem-s3c9 Regular Expression Denial of Service A regex in the form of `/[x-\ud800]/u` causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. GMS-2020-1

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-01T14:21:22.785162+00:00 GHSA Importer Fixing VCID-9eyp-2a6k-xya4 https://github.com/advisories/GHSA-6chw-6frg-f759 38.6.0
2026-04-29T19:39:43.625589+00:00 GitLab Importer Fixing VCID-9eyp-2a6k-xya4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/acorn/GMS-2020-702.yml 38.5.0
2026-04-16T21:02:22.341640+00:00 GitLab Importer Fixing VCID-9eyp-2a6k-xya4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/acorn/GMS-2020-702.yml 38.4.0
2026-04-16T01:32:16.282657+00:00 GHSA Importer Fixing VCID-9eyp-2a6k-xya4 https://github.com/advisories/GHSA-6chw-6frg-f759 38.4.0
2026-04-11T22:13:43.447733+00:00 GitLab Importer Fixing VCID-9eyp-2a6k-xya4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/acorn/GMS-2020-702.yml 38.3.0
2026-04-11T13:01:37.419312+00:00 GHSA Importer Fixing VCID-9eyp-2a6k-xya4 https://github.com/advisories/GHSA-6chw-6frg-f759 38.3.0
2026-04-02T22:26:04.775972+00:00 GitLab Importer Fixing VCID-9eyp-2a6k-xya4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/acorn/GMS-2020-702.yml 38.1.0
2026-04-02T13:53:37.975029+00:00 GHSA Importer Fixing VCID-9eyp-2a6k-xya4 https://github.com/advisories/GHSA-6chw-6frg-f759 38.1.0
2026-04-02T12:36:36.188383+00:00 GitLab Importer Fixing VCID-9eyp-2a6k-xya4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/acorn/GMS-2020-702.yml 38.0.0
2026-04-02T12:36:28.631367+00:00 GitLab Importer Fixing VCID-znj9-9zem-s3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/acorn/GMS-2020-1.yml 38.0.0
2026-04-01T15:58:02.957110+00:00 GHSA Importer Fixing VCID-9eyp-2a6k-xya4 https://github.com/advisories/GHSA-6chw-6frg-f759 38.0.0
2026-04-01T15:58:01.182945+00:00 GHSA Importer Fixing VCID-4t4e-47cq-2ffx https://github.com/advisories/GHSA-7fhm-mqm4-2wp7 38.0.0
2026-04-01T13:00:15.561484+00:00 GithubOSV Importer Fixing VCID-4t4e-47cq-2ffx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-7fhm-mqm4-2wp7/GHSA-7fhm-mqm4-2wp7.json 38.0.0
2026-04-01T12:59:28.642483+00:00 GithubOSV Importer Fixing VCID-9eyp-2a6k-xya4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-6chw-6frg-f759/GHSA-6chw-6frg-f759.json 38.0.0