VulnerableCode Package Details - pkg:npm/node-fetch@3.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-ebme-b1mh-qygu Aliases: CVE-2022-2596 GHSA-vp56-6g26-6827	node-fetch Inefficient Regular Expression Complexity [node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`.	3.2.10 Affected by 0 other vulnerabilities.
VCID-x4yh-ez8g-6ya1 Aliases: CVE-2022-0235 GHSA-r683-j2x4-v87g	URL Redirection to Untrusted Site ('Open Redirect') node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor	3.1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ebme-b1mh-qygu
Aliases:
CVE-2022-2596
GHSA-vp56-6g26-6827

node-fetch Inefficient Regular Expression Complexity [node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`.

3.2.10
Affected by 0 other vulnerabilities.

VCID-x4yh-ez8g-6ya1
Aliases:
CVE-2022-0235
GHSA-r683-j2x4-v87g

URL Redirection to Untrusted Site ('Open Redirect') node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

3.1.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:06:35.968264+00:00	GitLab Importer	Affected by	VCID-ebme-b1mh-qygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml	38.4.0
2026-04-16T21:37:40.223180+00:00	GitLab Importer	Affected by	VCID-x4yh-ez8g-6ya1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-0235.yml	38.4.0
2026-04-11T23:22:45.727572+00:00	GitLab Importer	Affected by	VCID-ebme-b1mh-qygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml	38.3.0
2026-04-11T22:51:52.076066+00:00	GitLab Importer	Affected by	VCID-x4yh-ez8g-6ya1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-0235.yml	38.3.0
2026-04-02T23:29:26.003867+00:00	GitLab Importer	Affected by	VCID-ebme-b1mh-qygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml	38.1.0
2026-04-02T23:01:17.995394+00:00	GitLab Importer	Affected by	VCID-x4yh-ez8g-6ya1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-0235.yml	38.1.0
2026-04-01T17:50:48.879642+00:00	GitLab Importer	Affected by	VCID-ebme-b1mh-qygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml	38.0.0
2026-04-01T17:20:08.598901+00:00	GitLab Importer	Affected by	VCID-x4yh-ez8g-6ya1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-0235.yml	38.0.0