Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs and shell/awk commands. Two sinks are affected by the same untrusted input: nvm_download() built a curl/wget command string and ran it with eval, so a version field containing command substitution (for example $(id)) was executed by the local shell; and nvm_get_checksum() interpolated the version-derived download slug into an awk program, so a crafted version could execute arbitrary commands via awk's system(). An attacker who controls the configured mirror, supplies mirror content to a user or CI on a non-default mirror, or machine-in-the-middles a non-TLS mirror can ∴ run arbitrary commands with the privileges of the user running nvm. The default mirror (https://nodejs.org over TLS) is not affected. Fixed on master (pending the next tagged release) by passing every argument as a literal argv element instead of using eval, by passing the value to awk as data via -v instead of interpolating it into the program, and by rejecting any version outside the Node.js/io.js version grammar before it is used.
AnalysisAI
Command injection in nvm (Node Version Manager) versions through 0.40.4 allows attackers controlling the configured Node.js/io.js mirror to execute arbitrary shell commands as the user running nvm. Mirror-supplied version strings flow unsanitized into an eval'd curl/wget invocation in nvm_download() and into an awk program in nvm_get_checksum(), enabling injection via constructs like $(id). No public exploit is identified at time of analysis, but the GitHub Security Advisory (GHSA-3c52-35h2-gfmm) and committed regression tests demonstrate the bug class, and CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) reflects that the default TLS-protected nodejs.org mirror is unaffected.
Technical ContextAI
nvm is a POSIX-shell installer/version-manager for Node.js distributed as nvm.sh. The vulnerability is CWE-78 (OS Command Injection) arising from two sinks that share the same untrusted input - version identifiers parsed from a mirror's index.tab. In nvm_download(), arguments were concatenated into a string and executed with eval curl … / eval wget $ARGS, so any shell metacharacter or $(…) in a download URL derived from the version was re-parsed by the shell. In nvm_get_checksum(), the version-derived slug was interpolated directly into an awk program, where awk's system() call could be reached by a crafted version. The affected CPE is cpe:2.3:a:nvm-sh:nvm:* up to 0.40.4.
RemediationAI
Upstream fix available (commits 6d870d182cd5333647ffa16c0d7dbcd817ec27a8, 90bb88748ba6c29c2cec73b18ed7057413aef308, and 70fb4ede6b9731d75d86451d48caa5faffbec21c on master); a released patched version is not independently confirmed at time of analysis, so users should track the next tagged release after 0.40.4 from https://github.com/nvm-sh/nvm/security/advisories/GHSA-3c52-35h2-gfmm or build from master. Until a tagged release is available, unset any custom NVM_NODEJS_ORG_MIRROR/NVM_IOJS_ORG_MIRROR configuration and rely on the default https://nodejs.org mirror - the trade-off is loss of internal-mirror caching and any air-gapped workflows. If a custom mirror is mandatory, enforce HTTPS to the mirror to remove the MitM vector and restrict the mirror to a trusted, integrity-checked source, accepting that a compromised mirror operator can still inject commands until the patch is applied. Do not run nvm install, nvm ls-remote, or related commands against untrusted mirror URLs.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34303