hummus

npm4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting hummuspage 1 of 1

CVE-2022-25885HIGHCVSS 7.5EG 7.5✓ Fixed in 1.0.111
2022-11-01
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.
CVE-2022-25892HIGHCVSS 7.5EG 7.5✓ Fixed in 1.0.111
2022-11-01
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
CVE-2022-39381HIGHCVSS 7.5EG 7.5✓ Fixed in 1.0.111
2022-11-02
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (…
CVE-2022-41957HIGHCVSS 7.5EG 7.5
2022-11-28
Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are v…

Check whether hummus is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for hummus CVEs against the assets you own.

Start Free Scan →