Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/moment@2.15.2
purl pkg:npm/moment@2.15.2
Next non-vulnerable version 2.29.4
Latest non-vulnerable version 2.29.4
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-cjwf-nuwg-4yc2
Aliases:
CVE-2017-18214
GHSA-446m-mv8f-q348
Uncontrolled Resource Consumption The moment module for `Node.js` is prone to a regular expression denial of service via a crafted date string.
2.19.3
Affected by 2 other vulnerabilities.
VCID-gtht-4h82-pqg4
Aliases:
GMS-2017-332
Regular Expression Denial of Service Moment is vulnerable to a low severity regular expression denial of service vulnerability.
2.19.3
Affected by 2 other vulnerabilities.
VCID-kexn-gjxj-uudm
Aliases:
CVE-2022-24785
GHSA-8hfj-j24r-96c4
Path Traversal: 'dir/../../filename' in moment.locale This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale.
2.29.2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:44:12.945965+00:00 GitLab Importer Affected by VCID-kexn-gjxj-uudm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml 38.4.0
2026-04-16T20:41:55.772754+00:00 GitLab Importer Affected by VCID-cjwf-nuwg-4yc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml 38.4.0
2026-04-16T20:40:23.003876+00:00 GitLab Importer Affected by VCID-gtht-4h82-pqg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml 38.4.0
2026-04-16T01:20:28.252839+00:00 GHSA Importer Affected by VCID-cjwf-nuwg-4yc2 https://github.com/advisories/GHSA-446m-mv8f-q348 38.4.0
2026-04-11T22:59:50.624903+00:00 GitLab Importer Affected by VCID-kexn-gjxj-uudm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml 38.3.0
2026-04-11T21:52:31.786143+00:00 GitLab Importer Affected by VCID-cjwf-nuwg-4yc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml 38.3.0
2026-04-11T21:51:07.048956+00:00 GitLab Importer Affected by VCID-gtht-4h82-pqg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml 38.3.0
2026-04-11T12:48:40.958154+00:00 GHSA Importer Affected by VCID-cjwf-nuwg-4yc2 https://github.com/advisories/GHSA-446m-mv8f-q348 38.3.0
2026-04-02T23:08:29.672766+00:00 GitLab Importer Affected by VCID-kexn-gjxj-uudm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml 38.1.0
2026-04-02T22:06:18.991664+00:00 GitLab Importer Affected by VCID-cjwf-nuwg-4yc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml 38.1.0
2026-04-02T22:04:57.212411+00:00 GitLab Importer Affected by VCID-gtht-4h82-pqg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml 38.1.0
2026-04-02T13:43:23.025138+00:00 GHSA Importer Affected by VCID-cjwf-nuwg-4yc2 https://github.com/advisories/GHSA-446m-mv8f-q348 38.1.0
2026-04-01T17:27:57.740640+00:00 GitLab Importer Affected by VCID-kexn-gjxj-uudm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml 38.0.0
2026-04-01T16:23:17.043938+00:00 GitLab Importer Affected by VCID-cjwf-nuwg-4yc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml 38.0.0
2026-04-01T16:21:55.016163+00:00 GitLab Importer Affected by VCID-gtht-4h82-pqg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml 38.0.0