basic-ftp

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting basic-ftppage 1 of 1

CVE-2026-39983HIGHCVSS 8.6EG 8.6✓ Fixed in 5.2.1
2026-04-09
vulnerable: 5.2.0
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), l…
CVE-2026-41324HIGHCVSS 7.5EG 7.5✓ Fixed in 5.3.0
2026-04-24
basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an…
CVE-2026-44240HIGHCVSS 7.5EG 7.5✓ Fixed in 5.3.1
2026-05-12
basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline…

Check whether basic-ftp is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for basic-ftp CVEs against the assets you own.

Start Free Scan →