codecov
npm
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting codecov
- CVE-2020-15123 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 3.7.1 | 2020-07-20
In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability…
- CVE-2020-7596 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 3.6.2 | 2020-01-25
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
- CVE-2020-7597 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 3.6.5 | 2020-02-17
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an inc…