Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-72tp-hs26-rue5
Vulnerability ID VCID-72tp-hs26-rue5
Aliases CVE-2019-5416
GHSA-qwj8-p662-3m7x
Summary Path Traversal A path traversal vulnerability in localhost-now allows the attackers to read content of arbitrary files on the remote server.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2019-5416
cvssv3.1 7.5 https://github.com/advisories/GHSA-qwj8-p662-3m7x
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-qwj8-p662-3m7x
generic_textual HIGH https://github.com/advisories/GHSA-qwj8-p662-3m7x
cvssv3.1 7.5 https://hackerone.com/reports/334837
generic_textual HIGH https://hackerone.com/reports/334837
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5416
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2019-5416
cvssv3.1 7.5 https://www.npmjs.com/advisories/1005
generic_textual HIGH https://www.npmjs.com/advisories/1005
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-5416
https://hackerone.com/reports/334837
https://www.npmjs.com/advisories/1005
CVE-2019-5416 https://nvd.nist.gov/vuln/detail/CVE-2019-5416
GHSA-qwj8-p662-3m7x https://github.com/advisories/GHSA-qwj8-p662-3m7x
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/advisories/GHSA-qwj8-p662-3m7x
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://hackerone.com/reports/334837
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-5416
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.npmjs.com/advisories/1005
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.70135
EPSS Score 0.00611
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:54:54.737383+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/localhost-now/CVE-2019-5416.yml 38.6.0