launch-editor

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting launch-editorpage 1 of 1

CVE-2024-52011HIGHCVSS 7.5EG 7.5✓ Fixed in 2.9.0
2026-06-01
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Win…
CVE-2026-53632MEDIUMCVSS 5.5EG 5.5✓ Fixed in 2.14.1
2026-06-15
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attemp…

Check whether launch-editor is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for launch-editor CVEs against the assets you own.

Start Free Scan →