grunt
npm
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting grunt
- CVE-2020-7729 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 1.3.0 | 2020-09-03
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
- CVE-2022-0436 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.5.2 | 2022-04-12
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
- CVE-2022-1537 | HIGH | CVSS 7.0 | EG 7.0 | ✓ Fixed in 1.5.3 | 2022-05-10
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local pri…