minimist
minimist has 2 known security vulnerabilities in npm (Node.js). Upgrade to version 1.2.6 or later to resolve all known issues. Data sourced from OSV, enriched with EPSS exploit probability and CISA KEV.
Recommended safe version: 1.2.6
Upgrading to 1.2.6 or later resolves all 2 known vulnerabilities in minimist. Run: npm install minimist@1.2.6
Is minimist in your project?
Check if you're affected and upgrade to 1.2.6 to stay secure.
Vulnerabilities
2 unique vulnerabilities — sorted by severity. Click a CVE/GHSA ID for full details.
| CVE / GHSA | Severity | Affected | Fixed In |
|---|---|---|---|
| GHSA-xvch-5gv4-984h Prototype Pollution in minimist | CRITICAL | All versions | 1.2.6, 0.2.4 |
| GHSA-vh95-rmgr-6w4m Prototype Pollution in minimist | MODERATE | All versions | 0.2.1, 1.2.3 |
About This Data
Vulnerability data for minimist is sourced from the Open Source Vulnerability (OSV) database, aggregating reports from GitHub Advisory Database, NIST NVD, and ecosystem-specific sources.
CVSS (Common Vulnerability Scoring System) scores reflect exploitability and impact. EPSS (Exploit Prediction Scoring System) scores indicate the probability of exploitation within the next 30 days. Vulnerabilities marked with are listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Check Your Dependencies
Scan your project to check if you're using a vulnerable version of minimist.