shiba
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting shibapage 1 of 1
- CVE-2017-1000491MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.1.12018-01-03
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
- CVE-2020-7738HIGHCVSS 8.3EG 8.32020-10-02
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
Check whether shiba is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for shiba CVEs against the assets you own.
Start Free Scan →