VulnerableCode Package Details - pkg:npm/nanoid@5.0.8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/nanoid@5.0.8

Essentials
History (3)

purl	pkg:npm/nanoid@5.0.8

Next non-vulnerable version	5.0.9
Latest non-vulnerable version	5.0.9
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-s6f3-3mxh-ekfr Aliases: CVE-2024-55565 GHSA-mwcw-c2x4-8c55	Predictable results in nanoid generation when given non-integer values When nanoid is called with a fractional value, there were a number of undesirable effects: 1. in browser and non-secure, the code infinite loops on while (size--) 2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled 3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error Version 3.3.8 and 5.0.9 are fixed.	5.0.9 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:16:30.660899+00:00	GitLab Importer	Affected by	VCID-s6f3-3mxh-ekfr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nanoid/CVE-2024-55565.yml	38.4.0
2026-04-12T00:35:13.506265+00:00	GitLab Importer	Affected by	VCID-s6f3-3mxh-ekfr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nanoid/CVE-2024-55565.yml	38.3.0
2026-04-03T00:43:00.229973+00:00	GitLab Importer	Affected by	VCID-s6f3-3mxh-ekfr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nanoid/CVE-2024-55565.yml	38.1.0