OsVault/npm/tmp
npm

tmp

12 known vulnerabilities · 0 critical · 1 high

CVE-2025-54798

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

Published Aug 6, 2025
GHSA-7c78-jf6q-g5cm

tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template

Published Jun 15, 2026
GHSA-ph9p-34f9-6g65

tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape

Published May 27, 2026
CVE-2017-16024MEDIUM

Tmp files readable by other users in sync-exec

Published Nov 9, 2018
CVE-2021-3777HIGH

tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion

Published Sep 20, 2021
GHSA-xmv6-r34m-62p4

OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot

Published Mar 3, 2026
MAL-2022-1438

Malicious code in babeltmplatp (npm)

Published Aug 19, 2022
CVE-2026-22171

OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()

Published Mar 3, 2026
MAL-2022-5510

Malicious code in ptmproc (npm)

Published Jun 13, 2022
MAL-2022-60

Malicious code in @adam_baldwin/tag-tmp (npm)

Published Jun 1, 2022
MAL-2025-48005

Malicious code in tmp-npmsnha (npm)

Published Oct 7, 2025
GHSA-3pvj-jv98-qhjq

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

Published Jun 17, 2026
Check your entire dependency tree at onceRun dependency scan →