Aggregates CVE and security vulnerability intelligence across all node-fetch_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk open redirect and vendor risk path handling and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-2596 | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. | [email protected] | 5.9 | 1.10% | 2022-08-01 | 2026-06-17 |
| CVE-2022-0235 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | [email protected] | 6.1 | 1.65% | 2022-01-16 | 2026-06-17 |
| CVE-2020-15168 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your | [email protected] | 2.6 | 1.69% | 2020-09-10 | 2026-06-16 |