CVE-2022-29080
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.
Date published : 2022-04-12
https://github.com/barneycarroll/npm-dependency-versions/issues/6