Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/total.js@2.2.0-10
purl pkg:npm/total.js@2.2.0-10
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-2yh8-d2vf-hkhg
Aliases:
CVE-2019-8903
GHSA-3q32-j57w-q4w7
Path Traversal in total.js
3.2.3
Affected by 7 other vulnerabilities.
VCID-3j8u-nj8m-kqa4
Aliases:
CVE-2021-23344
GHSA-3wj8-vp9h-rm6m
3.4.8
Affected by 3 other vulnerabilities.
VCID-du3z-utwr-3bfe
Aliases:
CVE-2019-10260
GHSA-72p5-2r6g-fm6v
Moderate severity vulnerability that affects total.js
3.3.0-13
Affected by 6 other vulnerabilities.
VCID-hh73-kwnd-xyhj
Aliases:
CVE-2020-28495
GHSA-6cf8-qhqj-vjqm
3.4.7
Affected by 4 other vulnerabilities.
VCID-q5pf-1e74-cfaw
Aliases:
CVE-2022-44019
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. There are no reported fixed by versions.
VCID-qmuh-1ek8-vudf
Aliases:
CVE-2021-32831
GHSA-vwhc-pww7-72x6
3.4.9
Affected by 1 other vulnerability.
VCID-taue-1pna-k3h9
Aliases:
CVE-2021-23389
GHSA-7fm6-gxqg-2pwr
Code Injection in total.js
3.4.9
Affected by 1 other vulnerability.
VCID-v2q5-bu5j-5qe9
Aliases:
CVE-2020-28494
GHSA-4449-hg37-77v8
3.4.7
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T18:38:11.968515+00:00 GitLab Importer Affected by VCID-q5pf-1e74-cfaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2022-44019.yml 38.6.0
2026-06-12T17:47:06.961503+00:00 GitLab Importer Affected by VCID-qmuh-1ek8-vudf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-32831.yml 38.6.0
2026-06-12T17:44:08.262566+00:00 GitLab Importer Affected by VCID-taue-1pna-k3h9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-23389.yml 38.6.0
2026-06-12T17:34:14.514018+00:00 GitLab Importer Affected by VCID-3j8u-nj8m-kqa4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-23344.yml 38.6.0
2026-06-12T17:33:00.626178+00:00 GitLab Importer Affected by VCID-v2q5-bu5j-5qe9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2020-28494.yml 38.6.0
2026-06-12T17:32:56.687116+00:00 GitLab Importer Affected by VCID-hh73-kwnd-xyhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2020-28495.yml 38.6.0
2026-06-12T17:09:38.474245+00:00 GitLab Importer Affected by VCID-du3z-utwr-3bfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2019-10260.yml 38.6.0
2026-06-12T17:08:08.972812+00:00 GitLab Importer Affected by VCID-2yh8-d2vf-hkhg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2019-8903.yml 38.6.0