Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

GHSA-hv96-xxx2-5v7w

GitHub Security Advisory

Downloads Resources over HTTP in nw

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Affected versions of `nw` insecurely download an executable over an unencrypted HTTP connection.

In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `nw`.

## Recommendation

Update to version 0.23.6-1 or later.

Affected Packages

npm nw

Affected versions: 0 (fixed in 0.23.6-1)

Related CVEs

CVE-2016-10588

Key Information

GHSA ID

GHSA-hv96-xxx2-5v7w

Published

February 18, 2019 11:51 PM

Last Modified

June 10, 2021 11:26 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

nw

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.