VulnerableCode Package Details - pkg:npm/total.js@3.4.8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/total.js@3.4.8

Essentials
History (2)

purl	pkg:npm/total.js@3.4.8

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-528e-s8wc-6ydu	Code Injection The package `total.js` is vulnerable to Remote Code Execution (RCE) via `set`.	CVE-2021-23344 GHSA-3wj8-vp9h-rm6m

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:32:27.007658+00:00	GithubOSV Importer	Fixing	VCID-528e-s8wc-6ydu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-3wj8-vp9h-rm6m/GHSA-3wj8-vp9h-rm6m.json	38.6.0
2026-06-04T16:20:50.847931+00:00	GitLab Importer	Fixing	VCID-528e-s8wc-6ydu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total.js/CVE-2021-23344.yml	38.6.0