OsVault/npm/codecov
npm1 critical

codecov

5 known vulnerabilities · 1 critical · 2 high

CVE-2020-7597HIGH

codecov NPM module allows remote attackers to execute arbitrary commands

Published Feb 19, 2020
CVE-2020-7596HIGH

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov

Published May 24, 2022
CVE-2020-15123CRITICAL

Command injection in codecov (npm package)

Published Jul 20, 2020
MAL-2025-2450

Malicious code in com.unity.testtools.codecoverage (npm)

Published Mar 17, 2025
MAL-2026-2345

Malicious code in codecoverage-tools (npm)

Published Mar 24, 2026
Check your entire dependency tree at onceRun dependency scan →