Fix got — CVE-2022-33987 MEDIUM
Fix CVE-2022-33987 (MEDIUM) in got for npm. Paste your package.json into PackageFix and get a patched version — no CLI, no signup. Open redirect vulnerability in url following.
⚠ Vulnerability
CVE-2022-33987 (MEDIUM) — open redirect vulnerability in URL following in got versions below 12.6.1.
Vulnerable Version — package.json
"got": "11.8.5"
Fixed Version — package.json
"got": "12.6.1"
✓ Fix
Update got to 12.6.1 or later. Run npm install to apply. Verify with your ecosystem's audit tool after updating.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2022-33987 |
| Severity | MEDIUM |
| Package | got (npm) |
| Vulnerable versions | Below 12.6.1 |
| Safe version | 12.6.1 |
| CISA KEV | — |
| Description | Open redirect vulnerability in url following |
Frequently Asked Questions
What is CVE-2022-33987?
CVE-2022-33987 is a MEDIUM severity vulnerability in got (npm). It allows open redirect vulnerability in URL following. Update to version 12.6.1 or later to fix it.
How do I fix CVE-2022-33987 in got?
Update got to version 12.6.1 in your package.json. Run npm install after updating to apply the fix.
Is CVE-2022-33987 being actively exploited?
Check the live CISA KEV catalog at packagefix.dev — PackageFix always reflects the current KEV status.
How do I check if I am affected by CVE-2022-33987?
Paste your package.json into PackageFix. If your installed version of got is below 12.6.1, you are affected. PackageFix shows the exact CVE ID and fix version.
What search queries does this page target?
This page covers: got npm CVE, got vulnerability, got security fix.