Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/jszip@3.7.0
purl pkg:npm/jszip@3.7.0
Next non-vulnerable version 3.8.0
Latest non-vulnerable version 3.8.0
Risk 3.3
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-nasw-3246-zfcd
Aliases:
CVE-2022-48285
GHSA-36fh-84j7-cv5h
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
3.8.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-wzyg-x1bp-yudd This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance. CVE-2021-23413
GHSA-jg8v-48h5-wgxg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:23:51.643611+00:00 GHSA Importer Fixing VCID-wzyg-x1bp-yudd https://github.com/advisories/GHSA-jg8v-48h5-wgxg 38.6.0
2026-06-12T18:45:13.362442+00:00 GitLab Importer Affected by VCID-nasw-3246-zfcd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jszip/CVE-2022-48285.yml 38.6.0
2026-06-12T15:41:58.473229+00:00 GitLab Importer Fixing VCID-wzyg-x1bp-yudd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jszip/CVE-2021-23413.yml 38.6.0
2026-06-12T08:04:48.467732+00:00 GithubOSV Importer Fixing VCID-wzyg-x1bp-yudd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-jg8v-48h5-wgxg/GHSA-jg8v-48h5-wgxg.json 38.6.0