VulnerableCode Package Details - pkg:npm/libnotify@1.0.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/libnotify@1.0.3

Essentials
History (2)

purl	pkg:npm/libnotify@1.0.3

Next non-vulnerable version	1.0.4
Latest non-vulnerable version	1.0.4
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-tjc9-6eex-4fh7 Aliases: CVE-2013-7381	Potential Command Injection Untrusted input passed in the call to libnotify.notify could result in execution of shell commands. Callers may be unaware of this. ### Example ``` var libnotify = require('libnotify') libnotify.notify('UNTRUSTED INPUT', { title: \"\" }, function () { console.log(arguments); }) ``` Special thanks to Neal Poole for submitting the pull request to fix this issue.	1.0.4 Affected by 0 other vulnerabilities.
VCID-uwx6-kq7y-dfa4 Aliases: GMS-2013-11	Potential Command Injection Untrusted input passed in the call to libnotify.notify could result in execution of shell commands. Callers may be unaware of this.	1.0.4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:36:09.455073+00:00	GitLab Importer	Affected by	VCID-uwx6-kq7y-dfa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/libnotify/GMS-2013-11.yml	38.6.0
2026-06-02T03:45:01.282498+00:00	Npm Importer	Affected by	VCID-tjc9-6eex-4fh7	https://github.com/nodejs/security-wg/blob/main/vuln/npm/20.json	38.6.0