VulnerableCode Package Details - pkg:npm/openwhisk@2.3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/openwhisk@2.3.0

Essentials
History (2)

purl	pkg:npm/openwhisk@2.3.0

Next non-vulnerable version	3.3.1
Latest non-vulnerable version	3.3.1
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-c3t5-82ea-5yh6 Aliases: GHSA-53mj-mc38-q894 GMS-2020-756	Remote Memory Exposure in openwhisk Versions of `openwhisk` before 3.3.1 are vulnerable to remote memory exposure. When a number is passed to `api_key`, affected versions of `openwhisk` allocate an uninitialized buffer and send that over network in Authorization header (base64-encoded). Proof of concept: ```js var openwhisk = require('openwhisk'); var options = { apihost: '127.0.0.1:1433', api_key: USERSUPPLIEDINPUT // number }; var ow = openwhisk(options); ow.actions.invoke({actionName: 'sample'}).then(result => console.log(result)) ``` ## Recommendation Update to version 3.3.1 or later.	3.3.1 Affected by 0 other vulnerabilities.
VCID-d7bp-wvzb-8ycd Aliases: CWE-201	Error clearly exposes the database credentials When access is denied, `mysql_pconnect()` raises a warning that exposes the user credentials.	3.2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:35:23.404911+00:00	GitLab Importer	Affected by	VCID-c3t5-82ea-5yh6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openwhisk/GMS-2020-756.yml	38.6.0
2026-06-04T20:08:19.318526+00:00	GitLab Importer	Affected by	VCID-d7bp-wvzb-8ycd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openwhisk/CWE-201.yml	38.6.0