Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/jszip@2.1.1
purl pkg:npm/jszip@2.1.1
Next non-vulnerable version 3.8.0
Latest non-vulnerable version 3.8.0
Risk 3.3
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-7khg-6cgr-wubp
Aliases:
CVE-2022-48285
GHSA-36fh-84j7-cv5h
JSZip contains Path Traversal via loadAsync loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
3.8.0
Affected by 0 other vulnerabilities.
VCID-yjr3-4qd5-4kg7
Aliases:
CVE-2021-23413
GHSA-jg8v-48h5-wgxg
Prototype Pollution This affects the package jszip Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.
2.7.0
Affected by 1 other vulnerability.
3.7.0
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T03:25:43.619207+00:00 GitLab Importer Affected by VCID-7khg-6cgr-wubp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jszip/CVE-2022-48285.yml 38.6.0
2026-06-06T00:48:51.707741+00:00 GitLab Importer Affected by VCID-yjr3-4qd5-4kg7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jszip/CVE-2021-23413.yml 38.6.0