VulnerableCode Package Details - pkg:npm/total.js@3.4.7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/total.js@3.4.7

Essentials
History (10)

purl	pkg:npm/total.js@3.4.7

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-3j8u-nj8m-kqa4 Aliases: CVE-2021-23344 GHSA-3wj8-vp9h-rm6m		3.4.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q5pf-1e74-cfaw Aliases: CVE-2022-44019	In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.	There are no reported fixed by versions.
VCID-qmuh-1ek8-vudf Aliases: CVE-2021-32831 GHSA-vwhc-pww7-72x6		3.4.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-taue-1pna-k3h9 Aliases: CVE-2021-23389 GHSA-7fm6-gxqg-2pwr	Code Injection in total.js	3.4.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-hh73-kwnd-xyhj		CVE-2020-28495 GHSA-6cf8-qhqj-vjqm
VCID-v2q5-bu5j-5qe9		CVE-2020-28494 GHSA-4449-hg37-77v8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:22:04.639447+00:00	GHSA Importer	Fixing	VCID-v2q5-bu5j-5qe9	https://github.com/advisories/GHSA-4449-hg37-77v8	38.6.0
2026-06-13T06:22:04.609473+00:00	GHSA Importer	Fixing	VCID-hh73-kwnd-xyhj	https://github.com/advisories/GHSA-6cf8-qhqj-vjqm	38.6.0
2026-06-12T18:38:13.615047+00:00	GitLab Importer	Affected by	VCID-q5pf-1e74-cfaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2022-44019.yml	38.6.0
2026-06-12T17:47:08.640485+00:00	GitLab Importer	Affected by	VCID-qmuh-1ek8-vudf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-32831.yml	38.6.0
2026-06-12T17:44:09.860469+00:00	GitLab Importer	Affected by	VCID-taue-1pna-k3h9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-23389.yml	38.6.0
2026-06-12T17:34:16.099368+00:00	GitLab Importer	Affected by	VCID-3j8u-nj8m-kqa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-23344.yml	38.6.0
2026-06-12T17:33:02.240489+00:00	GitLab Importer	Fixing	VCID-v2q5-bu5j-5qe9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2020-28494.yml	38.6.0
2026-06-12T17:32:58.368605+00:00	GitLab Importer	Fixing	VCID-hh73-kwnd-xyhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2020-28495.yml	38.6.0
2026-06-12T08:04:05.687553+00:00	GithubOSV Importer	Fixing	VCID-hh73-kwnd-xyhj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-6cf8-qhqj-vjqm/GHSA-6cf8-qhqj-vjqm.json	38.6.0
2026-06-12T08:04:03.630988+00:00	GithubOSV Importer	Fixing	VCID-v2q5-bu5j-5qe9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-4449-hg37-77v8/GHSA-4449-hg37-77v8.json	38.6.0