Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/chownr@1.1.0
purl pkg:npm/chownr@1.1.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-9qdm-4xaz-qqhd Time-of-check Time-of-use (TOCTOU) Race Condition in chownr A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. CVE-2017-18869
GHSA-c6rq-rjc2-86v2

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:04:34.043132+00:00 GitLab Importer Fixing VCID-9qdm-4xaz-qqhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/chownr/CVE-2017-18869.yml 38.4.0
2026-04-11T22:15:59.991064+00:00 GitLab Importer Fixing VCID-9qdm-4xaz-qqhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/chownr/CVE-2017-18869.yml 38.3.0
2026-04-02T22:28:11.662813+00:00 GitLab Importer Fixing VCID-9qdm-4xaz-qqhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/chownr/CVE-2017-18869.yml 38.1.0
2026-04-01T16:46:08.381522+00:00 GitLab Importer Fixing VCID-9qdm-4xaz-qqhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/chownr/CVE-2017-18869.yml 38.0.0
2026-04-01T15:59:52.522928+00:00 GHSA Importer Fixing VCID-9qdm-4xaz-qqhd https://github.com/advisories/GHSA-c6rq-rjc2-86v2 38.0.0
2026-04-01T13:06:23.460161+00:00 GithubOSV Importer Fixing VCID-9qdm-4xaz-qqhd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-c6rq-rjc2-86v2/GHSA-c6rq-rjc2-86v2.json 38.0.0