tmp

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting tmppage 1 of 1

CVE-2025-54798LOWCVSS 2.5EG 2.5✓ Fixed in 0.2.4
2025-08-07
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
CVE-2026-44705HIGHCVSS 8.2EG 8.2✓ Fixed in 0.2.6
2026-05-27
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix…
CVE-2026-49982HIGHCVSS 8.2EG 8.2✓ Fixed in 0.2.7
2026-06-11
tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non…

Check whether tmp is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for tmp CVEs against the assets you own.

Start Free Scan →