VulnerableCode Package Details - pkg:npm/moment@2.17.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-cjwf-nuwg-4yc2 Aliases: CVE-2017-18214 GHSA-446m-mv8f-q348	Uncontrolled Resource Consumption The moment module for `Node.js` is prone to a regular expression denial of service via a crafted date string.	2.19.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gtht-4h82-pqg4 Aliases: GMS-2017-332	Regular Expression Denial of Service Moment is vulnerable to a low severity regular expression denial of service vulnerability.	2.19.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kexn-gjxj-uudm Aliases: CVE-2022-24785 GHSA-8hfj-j24r-96c4	Path Traversal: 'dir/../../filename' in moment.locale This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale.	2.29.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-cjwf-nuwg-4yc2
Aliases:
CVE-2017-18214
GHSA-446m-mv8f-q348

Uncontrolled Resource Consumption The moment module for `Node.js` is prone to a regular expression denial of service via a crafted date string.

2.19.3
Affected by 2 other vulnerabilities.

VCID-gtht-4h82-pqg4
Aliases:
GMS-2017-332

Regular Expression Denial of Service Moment is vulnerable to a low severity regular expression denial of service vulnerability.

2.19.3
Affected by 2 other vulnerabilities.

VCID-kexn-gjxj-uudm
Aliases:
CVE-2022-24785
GHSA-8hfj-j24r-96c4

Path Traversal: 'dir/../../filename' in moment.locale This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale.

2.29.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-29T20:23:54.640157+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.5.0
2026-04-29T19:18:40.222007+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.5.0
2026-04-29T19:17:10.405775+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.5.0
2026-04-16T21:44:12.955919+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.4.0
2026-04-16T20:41:55.782200+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.4.0
2026-04-16T20:40:23.013115+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.4.0
2026-04-16T01:20:28.263235+00:00	GHSA Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://github.com/advisories/GHSA-446m-mv8f-q348	38.4.0
2026-04-11T22:59:50.635458+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.3.0
2026-04-11T21:52:31.797610+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.3.0
2026-04-11T21:51:07.060936+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.3.0
2026-04-11T12:48:40.969796+00:00	GHSA Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://github.com/advisories/GHSA-446m-mv8f-q348	38.3.0
2026-04-02T23:08:29.682617+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.1.0
2026-04-02T22:06:19.001343+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.1.0
2026-04-02T22:04:57.222510+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.1.0
2026-04-02T13:43:23.028797+00:00	GHSA Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://github.com/advisories/GHSA-446m-mv8f-q348	38.1.0
2026-04-01T17:27:57.751669+00:00	GitLab Importer	Affected by	VCID-kexn-gjxj-uudm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2022-24785.yml	38.0.0
2026-04-01T16:23:17.055237+00:00	GitLab Importer	Affected by	VCID-cjwf-nuwg-4yc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/CVE-2017-18214.yml	38.0.0
2026-04-01T16:21:55.029672+00:00	GitLab Importer	Affected by	VCID-gtht-4h82-pqg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/moment/GMS-2017-332.yml	38.0.0