Node.js (node-pkg)
==================
Total: 14 (HIGH: 14, CRITICAL: 0)

+-------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+
|      LIBRARY      | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |        FIXED VERSION        |                 TITLE                 |
+-------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+
| ansi-regex        | CVE-2021-3807    | HIGH     | 3.0.0             | 5.0.1, 6.0.1                | nodejs-ansi-regex: Regular            |
|                   |                  |          |                   |                             | expression denial of service          |
|                   |                  |          |                   |                             | (ReDoS) matching ANSI escape codes    |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2021-3807  |
+-------------------+------------------+          +-------------------+-----------------------------+---------------------------------------+
| dot-prop          | CVE-2020-8116    |          | 4.2.0             | 5.1.1, 4.2.1                | nodejs-dot-prop: prototype pollution  |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2020-8116  |
+-------------------+------------------+          +-------------------+-----------------------------+---------------------------------------+
| ini               | CVE-2020-7788    |          | 1.3.5             | 1.3.6                       | nodejs-ini: Prototype pollution       |
|                   |                  |          |                   |                             | via malicious INI file                |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2020-7788  |
+-------------------+------------------+          +-------------------+-----------------------------+---------------------------------------+
| npm               | CVE-2019-16776   |          | 6.12.1            | 6.13.3                      | npm: Arbitrary file write             |
|                   |                  |          |                   |                             | via constructed entry in the          |
|                   |                  |          |                   |                             | package.json bin field...             |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2019-16776 |
+-------------------+------------------+          +-------------------+-----------------------------+---------------------------------------+
| npm-user-validate | CVE-2020-7754    |          | 1.0.0             | 1.0.1                       | nodejs-npm-user-validate: improper    |
|                   |                  |          |                   |                             | input validation when validating      |
|                   |                  |          |                   |                             | user emails leads to ReDoS            |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2020-7754  |
+-------------------+------------------+          +-------------------+-----------------------------+---------------------------------------+
| path-parse        | CVE-2021-23343   |          | 1.0.6             | 1.0.7                       | nodejs-path-parse:                    |
|                   |                  |          |                   |                             | ReDoS via splitDeviceRe,              |
|                   |                  |          |                   |                             | splitTailRe and splitPathRe           |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2021-23343 |
+-------------------+------------------+          +-------------------+-----------------------------+---------------------------------------+
| ssri              | CVE-2021-27290   |          | 6.0.1             | 8.0.1, 7.1.1, 6.0.2         | nodejs-ssri: Regular expression       |
|                   |                  |          |                   |                             | DoS (ReDoS) when parsing              |
|                   |                  |          |                   |                             | malicious SRI in strict mode...       |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2021-27290 |
+-------------------+------------------+          +-------------------+-----------------------------+---------------------------------------+
| tar               | CVE-2021-32803   |          | 4.4.13            | 6.1.2, 5.0.7, 4.4.15, 3.2.3 | nodejs-tar: Insufficient symlink      |
|                   |                  |          |                   |                             | protection allowing arbitrary         |
|                   |                  |          |                   |                             | file creation and overwrite           |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2021-32803 |
+                   +------------------+          +                   +-----------------------------+---------------------------------------+
|                   | CVE-2021-32804   |          |                   | 6.1.1, 5.0.6, 4.4.14, 3.2.2 | nodejs-tar: Insufficient absolute     |
|                   |                  |          |                   |                             | path sanitization allowing arbitrary  |
|                   |                  |          |                   |                             | file creation and overwrite           |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2021-32804 |
+                   +------------------+          +                   +-----------------------------+---------------------------------------+
|                   | CVE-2021-37701   |          |                   | 6.1.7, 5.0.8, 4.4.16        | nodejs-tar: insufficient symlink      |
|                   |                  |          |                   |                             | protection due to directory cache     |
|                   |                  |          |                   |                             | poisoning using symbolic links...     |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2021-37701 |
+                   +------------------+          +                   +-----------------------------+---------------------------------------+
|                   | CVE-2021-37712   |          |                   | 6.1.9, 5.0.10, 4.4.18       | nodejs-tar: insufficient symlink      |
|                   |                  |          |                   |                             | protection due to directory cache     |
|                   |                  |          |                   |                             | poisoning using symbolic links...     |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2021-37712 |
+                   +------------------+          +                   +                             +---------------------------------------+
|                   | CVE-2021-37713   |          |                   |                             | Arbitrary File Creation/Overwrite     |
|                   |                  |          |                   |                             | on Windows via insufficient           |
|                   |                  |          |                   |                             | relative path sanitization            |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2021-37713 |
+-------------------+------------------+          +-------------------+-----------------------------+---------------------------------------+
| y18n              | CVE-2020-7774    |          | 3.2.1             | 5.0.5, 4.0.1, 3.2.2         | nodejs-y18n: prototype                |
|                   |                  |          |                   |                             | pollution vulnerability               |
|                   |                  |          |                   |                             | -->avd.aquasec.com/nvd/cve-2020-7774  |
+                   +                  +          +-------------------+                             +                                       +
|                   |                  |          | 4.0.0             |                             |                                       |
|                   |                  |          |                   |                             |                                       |
|                   |                  |          |                   |                             |                                       |
+-------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------+