pkg:npm/basic-ftp

All known vulnerabilities

• CRITICAL9.1CVE-2026-27699Basic FTP has Path Traversal Vulnerability in its downloadToDir() method
  from 0, < 5.2.0
• HIGH8.6CVE-2026-39983basic-ftp has FTP Command Injection via CRLF
  >= 5.2.0, < 5.2.1
• HIGH7.5CVE-2026-44240basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
  from 0, < 5.3.1
• HIGH7.5basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
  from 0, < 5.3.0