Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/harp@0.30.0
purl pkg:npm/harp@0.30.0
Next non-vulnerable version 0.40.2
Latest non-vulnerable version 0.40.3
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-8rur-pahm-2ufg
Aliases:
CVE-2019-5438
GHSA-6fmm-47qc-p4m4
Path traversal using symlink in npm harp module.
0.40.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-8rur-pahm-2ufg Path traversal using symlink in npm harp module. CVE-2019-5438
GHSA-6fmm-47qc-p4m4
VCID-qk98-y86c-y7dy Information Exposure Through Directory Listing Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules. CVE-2019-5437
GHSA-46hv-7769-j7rx

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T10:12:34.332776+00:00 Npm Importer Affected by VCID-8rur-pahm-2ufg https://github.com/nodejs/security-wg/blob/main/vuln/npm/499.json 38.6.0
2026-05-30T20:55:06.518810+00:00 GitLab Importer Fixing VCID-qk98-y86c-y7dy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/harp/CVE-2019-5437.yml 38.6.0
2026-05-30T20:55:06.453437+00:00 GitLab Importer Fixing VCID-8rur-pahm-2ufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/harp/CVE-2019-5438.yml 38.6.0