Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/thrift@0.9.2
purl pkg:npm/thrift@0.9.2
Next non-vulnerable version 0.12.0
Latest non-vulnerable version 0.12.0
Risk 3.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-bjpb-v3v5-5beg
Aliases:
CVE-2018-11798
GHSA-vx85-mj8c-4qm6
File and Directory Information Exposure The Apache Thrift Node.js static web server contains a security vulnerability in which a remote user has the ability to access files outside the set webservers `docroot` path.
0.12.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:51:02.864651+00:00 GitLab Importer Affected by VCID-bjpb-v3v5-5beg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/thrift/CVE-2018-11798.yml 38.4.0
2026-04-11T22:01:45.563467+00:00 GitLab Importer Affected by VCID-bjpb-v3v5-5beg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/thrift/CVE-2018-11798.yml 38.3.0
2026-04-02T22:14:46.471981+00:00 GitLab Importer Affected by VCID-bjpb-v3v5-5beg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/thrift/CVE-2018-11798.yml 38.1.0
2026-04-01T12:48:14.021225+00:00 GitLab Importer Affected by VCID-bjpb-v3v5-5beg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/thrift/CVE-2018-11798.yml 38.0.0