public
npm3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting publicpage 1 of 1
- CVE-2018-16480MEDIUMCVSS 6.1EG 6.1✓ Fixed in 0.1.42019-02-01
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.
- CVE-2018-3731HIGHCVSS 7.5EG 7.5✓ Fixed in 0.1.32018-06-07
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
- CVE-2018-3747MEDIUMCVSS 6.1EG 6.1✓ Fixed in 0.1.42018-07-03
The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.
Check whether public is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for public CVEs against the assets you own.
Start Free Scan →