VulnerableCode Package Details - pkg:npm/node-fetch@3.1.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-ebme-b1mh-qygu Aliases: CVE-2022-2596 GHSA-vp56-6g26-6827	node-fetch Inefficient Regular Expression Complexity [node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`.	3.2.10 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ebme-b1mh-qygu
Aliases:
CVE-2022-2596
GHSA-vp56-6g26-6827

node-fetch Inefficient Regular Expression Complexity [node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`.

3.2.10
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-x4yh-ez8g-6ya1	URL Redirection to Untrusted Site ('Open Redirect') node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor	CVE-2022-0235 GHSA-r683-j2x4-v87g

Vulnerability

Summary

Aliases

VCID-x4yh-ez8g-6ya1

URL Redirection to Untrusted Site ('Open Redirect') node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

CVE-2022-0235
GHSA-r683-j2x4-v87g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:06:35.971593+00:00	GitLab Importer	Affected by	VCID-ebme-b1mh-qygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml	38.4.0
2026-04-11T23:22:45.730966+00:00	GitLab Importer	Affected by	VCID-ebme-b1mh-qygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml	38.3.0
2026-04-02T23:29:26.007103+00:00	GitLab Importer	Affected by	VCID-ebme-b1mh-qygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml	38.1.0
2026-04-01T17:50:48.883321+00:00	GitLab Importer	Affected by	VCID-ebme-b1mh-qygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-2596.yml	38.0.0
2026-04-01T15:59:24.206745+00:00	GHSA Importer	Fixing	VCID-x4yh-ez8g-6ya1	https://github.com/advisories/GHSA-r683-j2x4-v87g	38.0.0
2026-04-01T13:05:40.540589+00:00	GithubOSV Importer	Fixing	VCID-x4yh-ez8g-6ya1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-r683-j2x4-v87g/GHSA-r683-j2x4-v87g.json	38.0.0
2026-04-01T12:49:17.923601+00:00	GitLab Importer	Fixing	VCID-x4yh-ez8g-6ya1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-fetch/CVE-2022-0235.yml	38.0.0