This might be proprietary software.
|2020-09-03||CVE-2020-7729||The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.||Ubuntu_linux, Debian_linux, Grunt||7.1|
|2022-05-10||CVE-2022-1537||file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.||Grunt||7.0|
|2022-04-12||CVE-2022-0436||Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.||Grunt||5.5|