By vendor
Openjsf vulnerabilities
Known CVEs affecting Openjsf products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-10796HIGH 7.5
nvm (Node Version Manager) versions through 0.40.4 contain a command injection vulnerability in how they process version strings retrieved from configured Node.js mirrors. When you run commands like `nvm install`, the tool fetches available versions from a mirror's index and builds download URLs and shell commands using the version string without proper sanitization. An attacker controlling the mirror, intercepting unencrypted mirror traffic, or providing malicious mirror content can inject arbitrary commands that execute with the privileges of the user running nvm. The official default mirror (nodejs.org over HTTPS) is not affected, but users relying on alternative mirrors or unencrypted connections face significant risk.