debug

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting debugpage 1 of 1

CVE-2017-16137MEDIUMCVSS 5.3✓ Fixed in 4.3.1
2018-06-07
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.
CVE-2017-20165LOWCVSS 3.5EG 3.5✓ Fixed in 2.6.9
2023-01-09
A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. U…
CVE-2025-59144NONECVSS 0.0EG 0.0
2025-09-15
vulnerable: 4.4.2
debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malwar…

Check whether debug is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for debug CVEs against the assets you own.

Start Free Scan →