VulnerableCode Package Details - pkg:npm/clamscan@1.3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/clamscan@1.3.0

Essentials
History (3)

purl	pkg:npm/clamscan@1.3.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-qtgd-uwy8-ffaw	Clamscan vulnerable to command injection clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue.	CVE-2020-7613 GHSA-5v25-xr56-phph

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:32:33.238182+00:00	GHSA Importer	Fixing	VCID-qtgd-uwy8-ffaw	https://github.com/advisories/GHSA-5v25-xr56-phph	38.1.0
2026-04-02T12:36:36.722557+00:00	GitLab Importer	Fixing	VCID-qtgd-uwy8-ffaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/clamscan/CVE-2020-7613.yml	38.0.0
2026-04-01T13:08:33.521212+00:00	GithubOSV Importer	Fixing	VCID-qtgd-uwy8-ffaw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5v25-xr56-phph/GHSA-5v25-xr56-phph.json	38.0.0