OsVault/npm/shescape
npm1 critical

shescape

10 known vulnerabilities · 1 critical · 1 high

CVE-2023-35931LOW

Shescape potential environment variable exposure on Windows with CMD

Published Jun 22, 2023
CVE-2026-32094

Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Published Mar 11, 2026
CVE-2025-30222

Shescape has potential environment variable exposure on Windows with CMD

Published Mar 26, 2025
CVE-2026-30916

Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains

Published Mar 7, 2026
CVE-2022-31180CRITICAL

Shescape vulnerable to insufficient escaping of whitespace

Published Jul 15, 2022
CVE-2021-21384MEDIUM

Null characters not escaped

Published Mar 18, 2021
CVE-2022-25918MEDIUM

Inefficient Regular Expression Complexity in shescape

Published Oct 25, 2022
CVE-2023-40185MEDIUM

Shescape on Windows escaping may be bypassed in threaded context

Published Aug 22, 2023
CVE-2022-24725MEDIUM

Exposure of home directory through shescape on Unix with Bash

Published Mar 3, 2022
CVE-2022-31179HIGH

Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD

Published Jul 15, 2022
Check your entire dependency tree at onceRun dependency scan →