Search for packages
| purl | pkg:npm/nanoid@1.2.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-s6f3-3mxh-ekfr
Aliases: CVE-2024-55565 GHSA-mwcw-c2x4-8c55 |
Predictable results in nanoid generation when given non-integer values When nanoid is called with a fractional value, there were a number of undesirable effects: 1. in browser and non-secure, the code infinite loops on while (size--) 2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled 3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error Version 3.3.8 and 5.0.9 are fixed. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T23:16:30.376280+00:00 | GitLab Importer | Affected by | VCID-s6f3-3mxh-ekfr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nanoid/CVE-2024-55565.yml | 38.4.0 |
| 2026-04-12T00:35:13.181508+00:00 | GitLab Importer | Affected by | VCID-s6f3-3mxh-ekfr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nanoid/CVE-2024-55565.yml | 38.3.0 |
| 2026-04-03T00:42:59.870185+00:00 | GitLab Importer | Affected by | VCID-s6f3-3mxh-ekfr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nanoid/CVE-2024-55565.yml | 38.1.0 |