@cyclonedx/cyclonedx-npm · IA Squad

Skip to content

js · @cyclonedx/cyclonedx-npmCritical

@cyclonedx/cyclonedx-npm command injection via --workspace with unset npm_execpath

Command injection vulnerability when using --workspace option with unset or empty npm_execpath environment variable.

20 Jun 2026 · act now