VulnerableCode Package Details - pkg:npm/total.js@3.3.3-5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/total.js@3.3.3-5

Essentials
History (6)

purl	pkg:npm/total.js@3.3.3-5

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-3j8u-nj8m-kqa4 Aliases: CVE-2021-23344 GHSA-3wj8-vp9h-rm6m		3.4.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hh73-kwnd-xyhj Aliases: CVE-2020-28495 GHSA-6cf8-qhqj-vjqm		3.4.7 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q5pf-1e74-cfaw Aliases: CVE-2022-44019	In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.	There are no reported fixed by versions.
VCID-qmuh-1ek8-vudf Aliases: CVE-2021-32831 GHSA-vwhc-pww7-72x6		3.4.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-taue-1pna-k3h9 Aliases: CVE-2021-23389 GHSA-7fm6-gxqg-2pwr	Code Injection in total.js	3.4.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-v2q5-bu5j-5qe9 Aliases: CVE-2020-28494 GHSA-4449-hg37-77v8		3.4.7 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T18:38:13.420260+00:00	GitLab Importer	Affected by	VCID-q5pf-1e74-cfaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2022-44019.yml	38.6.0
2026-06-12T17:47:08.446066+00:00	GitLab Importer	Affected by	VCID-qmuh-1ek8-vudf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-32831.yml	38.6.0
2026-06-12T17:44:09.671706+00:00	GitLab Importer	Affected by	VCID-taue-1pna-k3h9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-23389.yml	38.6.0
2026-06-12T17:34:15.908380+00:00	GitLab Importer	Affected by	VCID-3j8u-nj8m-kqa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-23344.yml	38.6.0
2026-06-12T17:33:02.038493+00:00	GitLab Importer	Affected by	VCID-v2q5-bu5j-5qe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2020-28494.yml	38.6.0
2026-06-12T17:32:58.149171+00:00	GitLab Importer	Affected by	VCID-hh73-kwnd-xyhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2020-28495.yml	38.6.0