Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

basic-ftp

Ecosystem:
npm
Package URL:
pkg:npm/basic-ftp
Total PRs:
2,116 Dependabot PRs
Latest PR:
about 15 hours ago
Unique Repositories:
1,508 repositories
Unique Repos (30 days):
163 repositories
Security Advisories
basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering
GHSA-rpmf-866q-6p89 CVE-2026-44240 HIGH published 24 days ago • updated 8 days ago
## Summary `basic-ftp` is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compro...
Basic FTP has Path Traversal Vulnerability in its downloadToDir() method
GHSA-5rq4-664w-9x2c CVE-2026-27699 CRITICAL published 3 months ago • updated about 13 hours ago
The `basic-ftp` library contains a path traversal vulnerability in the `downloadToDir()` method. A malicious FTP server can send directory listings...
basic-ftp has FTP Command Injection via CRLF
GHSA-chqc-8p9q-pq6q CVE-2026-39983 HIGH published about 2 months ago • updated 9 days ago
## Summary `basic-ftp` version `5.2.0` allows FTP command injection via CRLF sequences (`\r\n`) in file path parameters passed to high-level path ...
basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands
GHSA-6v7q-wjvx-w8wg HIGH published about 2 months ago • updated 24 days ago
## Summary basic-ftp's CRLF injection protection (added in commit 2ecc8e2 for GHSA-chqc-8p9q-pq6q) is incomplete. Two code paths bypass the `prote...
basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
GHSA-rp42-5vxx-qpwr CVE-2026-41324 HIGH published about 1 month ago • updated 4 days ago
### Summary `basic-ftp@5.2.2` is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote ...
Recent PRs (filtered by: Major PRs )
RSS Feed Clear filter
deps(deps): bump the security-patches group across 3 directories with 18 updates

VeVarunSharma/contoso-vibe-engineering #317

5.0.5 → 6.0.1 Major PR
Closed 11 days ago 5 comments
VeVarunSharma
chore(deps): bump basic-ftp from 5.3.1 to 6.0.0

somenameidc999/shop-agent #57

5.3.1 → 6.0.0 Major PR
Closed 16 days ago 1 comment
somenameidc999
chore(deps)(deps): bump basic-ftp from 5.3.1 to 6.0.1

skynett81/3dprintforge #5

5.3.1 → 6.0.1 Major PR
Open 28 days ago 1 comment
skynett81
Bump basic-ftp from 4.6.6 to 5.2.2

johansundstrom/spotprice #12

4.6.6 → 5.2.2 Major PR
Closed about 2 months ago 1 comment
johansundstrom
Bump basic-ftp from 4.5.3 to 5.2.2

AleOi/TestesJsReact #2

4.5.3 → 5.2.2 Major PR
Closed about 2 months ago 1 comment
AleOi
Package Details
Name: basic-ftp
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/basic-ftp
JSON API: View JSON
Security Advisories

5

Active advisories
CRITICAL 1
HIGH 4
View All npm Advisories
Package Information
Description:

FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript.

Repository: https://github.com/patrickjuchli/basic-ftp
Homepage: https://github.com/patrickjuchli/basic-ftp#readme
Latest Release: 5.1.0
5 months ago
Dependent Repos: 5,188
Dependent Packages: 271
Downloads: 50,604,527
Ranking: Top 0.3186% by dependent repos Top 0.0583% by downloads Top 0.1842% by dependent pkgs
PR Status
Open 843 (39.8%)
Merged 0 (0.0%)
Closed 1,273 (60.2%)
PR Types
Major 5 (0.2%)
Minor 1,426 (67.4%)
Patch 685 (32.4%)