VulnerableCode Package Details - pkg:npm/moment@2.11.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-cjwf-nuwg-4yc2 Aliases: CVE-2017-18214 GHSA-446m-mv8f-q348	Uncontrolled Resource Consumption The moment module for `Node.js` is prone to a regular expression denial of service via a crafted date string.	2.19.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gtht-4h82-pqg4 Aliases: GMS-2017-332	Regular Expression Denial of Service Moment is vulnerable to a low severity regular expression denial of service vulnerability.	2.19.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kexn-gjxj-uudm Aliases: CVE-2022-24785 GHSA-8hfj-j24r-96c4	Path Traversal: 'dir/../../filename' in moment.locale This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale.	2.29.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-cjwf-nuwg-4yc2
Aliases:
CVE-2017-18214
GHSA-446m-mv8f-q348

Uncontrolled Resource Consumption The moment module for `Node.js` is prone to a regular expression denial of service via a crafted date string.

2.19.3
Affected by 2 other vulnerabilities.

VCID-gtht-4h82-pqg4
Aliases:
GMS-2017-332

Regular Expression Denial of Service Moment is vulnerable to a low severity regular expression denial of service vulnerability.

2.19.3
Affected by 2 other vulnerabilities.

VCID-kexn-gjxj-uudm
Aliases:
CVE-2022-24785
GHSA-8hfj-j24r-96c4

Path Traversal: 'dir/../../filename' in moment.locale This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale.

2.29.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-fg81-yqah-rbep	Moderate severity vulnerability that affects moment Withdrawn, accidental duplicate publish. The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."	GHSA-hxf5-mg84-pj4m
VCID-quy6-sg5w-qyhe	Regular Expression Denial of Service in moment The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."	CVE-2016-4055 GHSA-87vv-r9j6-g5qv

Vulnerability

Summary

Aliases

VCID-fg81-yqah-rbep

Moderate severity vulnerability that affects moment Withdrawn, accidental duplicate publish. The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

GHSA-hxf5-mg84-pj4m

VCID-quy6-sg5w-qyhe

Regular Expression Denial of Service in moment The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

CVE-2016-4055
GHSA-87vv-r9j6-g5qv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:44:12.922903+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.4.0
2026-04-16T20:41:55.750260+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.4.0
2026-04-16T20:40:22.981858+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.4.0
2026-04-16T20:39:29.157694+00:00	GitLab Importer	Fixing	VCID-quy6-sg5w-qyhe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2016-4055.yml	38.4.0
2026-04-16T01:22:07.786666+00:00	GHSA Importer	Fixing	VCID-fg81-yqah-rbep	https://github.com/advisories/GHSA-hxf5-mg84-pj4m	38.4.0
2026-04-16T01:20:28.228097+00:00	GHSA Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://github.com/advisories/GHSA-446m-mv8f-q348	38.4.0
2026-04-11T22:59:50.600170+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.3.0
2026-04-11T21:52:31.760101+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.3.0
2026-04-11T21:51:07.020391+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.3.0
2026-04-11T21:50:15.191892+00:00	GitLab Importer	Fixing	VCID-quy6-sg5w-qyhe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2016-4055.yml	38.3.0
2026-04-11T12:51:14.108613+00:00	GHSA Importer	Fixing	VCID-fg81-yqah-rbep	https://github.com/advisories/GHSA-hxf5-mg84-pj4m	38.3.0
2026-04-11T12:48:40.930433+00:00	GHSA Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://github.com/advisories/GHSA-446m-mv8f-q348	38.3.0
2026-04-02T23:08:29.649672+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.1.0
2026-04-02T22:06:18.969171+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.1.0
2026-04-02T22:04:57.188926+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.1.0
2026-04-02T22:04:05.944018+00:00	GitLab Importer	Fixing	VCID-quy6-sg5w-qyhe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2016-4055.yml	38.1.0
2026-04-02T13:44:35.466049+00:00	GHSA Importer	Fixing	VCID-fg81-yqah-rbep	https://github.com/advisories/GHSA-hxf5-mg84-pj4m	38.1.0
2026-04-02T13:43:23.016065+00:00	GHSA Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://github.com/advisories/GHSA-446m-mv8f-q348	38.1.0
2026-04-01T17:27:57.714830+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.0.0
2026-04-01T16:54:45.773522+00:00	Npm Importer	Fixing	VCID-quy6-sg5w-qyhe	https://github.com/nodejs/security-wg/blob/main/vuln/npm/55.json	38.0.0
2026-04-01T16:23:17.017887+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.0.0
2026-04-01T16:21:54.984726+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.0.0
2026-04-01T15:56:35.655365+00:00	GHSA Importer	Fixing	VCID-fg81-yqah-rbep	https://github.com/advisories/GHSA-hxf5-mg84-pj4m	38.0.0
2026-04-01T15:56:11.501239+00:00	GHSA Importer	Fixing	VCID-quy6-sg5w-qyhe	https://github.com/advisories/GHSA-87vv-r9j6-g5qv	38.0.0
2026-04-01T13:03:56.125805+00:00	GithubOSV Importer	Fixing	VCID-fg81-yqah-rbep	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-hxf5-mg84-pj4m/GHSA-hxf5-mg84-pj4m.json	38.0.0
2026-04-01T12:54:17.086735+00:00	GithubOSV Importer	Fixing	VCID-quy6-sg5w-qyhe	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-87vv-r9j6-g5qv/GHSA-87vv-r9j6-g5qv.json	38.0.0
2026-04-01T12:47:25.334441+00:00	GitLab Importer	Fixing	VCID-quy6-sg5w-qyhe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2016-4055.yml	38.0.0