ai/nanoid
Releases126
Frequency3 weeks 4 days
Last Release
Stars26.8K
A tiny (118 bytes), secure, URL-friendly, unique string ID generator for JavaScript
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| — | 4.3 MEDIUM | — | ||
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. | ||||
| >= 3.0.0, < 3.1.31 | 4 MEDIUM | 2.1 LOW | ||
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated. | ||||