VulnerableCode Package Details - pkg:npm/npm@11.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-qyqn-hwvx-k7gs Aliases: CVE-2026-0775 GHSA-3966-f6p6-2qr9	Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ### Duplicate Advisory This advisory has been withdrawn because describes a dependency bump and therefore, per [CVE CNA rule 4.1.12](https://www.cve.org/ResourcesSupport/AllResources/CNARules/#section_4-1_Vulnerability_Determination), is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an affected product. This link is maintained to preserve external references. ### Original Description npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-qyqn-hwvx-k7gs
Aliases:
CVE-2026-0775
GHSA-3966-f6p6-2qr9

Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ### Duplicate Advisory This advisory has been withdrawn because describes a dependency bump and therefore, per [CVE CNA rule 4.1.12](https://www.cve.org/ResourcesSupport/AllResources/CNARules/#section_4-1_Vulnerability_Determination), is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939#issuecomment-3862719883, npm cli should not be listed as an affected product. This link is maintained to preserve external references. ### Original Description npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:11:59.087299+00:00	GitLab Importer	Affected by	VCID-qyqn-hwvx-k7gs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/npm/CVE-2026-0775.yml	38.4.0
2026-04-12T01:35:46.560789+00:00	GitLab Importer	Affected by	VCID-qyqn-hwvx-k7gs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/npm/CVE-2026-0775.yml	38.3.0
2026-04-03T01:44:47.467862+00:00	GitLab Importer	Affected by	VCID-qyqn-hwvx-k7gs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/npm/CVE-2026-0775.yml	38.1.0