Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2022-23812
This affects the package node-ipc from 10.1.1 and prior to 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious cod...
Node-ipc Project Node-ipc
3 Github repositories
NA
CVE-2022-24375
The package node-opcua prior to 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Node-opcua Project Node-opcua
5
CVSSv2
CVE-2015-8851
node-uuid prior to 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for malicious users to have unspecified impact via brute force guessing.
Node-uuid Project Node-uuid
1 Github repository
5
CVSSv2
CVE-2022-21164
The package node-lmdb prior to 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.
Node-lmdb Project Node-lmdb
NA
CVE-2022-21208
The package node-opcua prior to 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of...
Node-opcua Project Node-opcua
7.5
CVSSv2
CVE-2020-7632
node-mpv up to and including 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
Node-mpv Project Node-mpv
7.5
CVSSv2
CVE-2020-7673
node-extend up to and including 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution.
Node-extend Project Node-extend
NA
CVE-2020-7678
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".
Node-import Project Node-import
7.5
CVSSv2
CVE-2020-7721
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.
Node-oojs Project Node-oojs
6.8
CVSSv2
CVE-2020-7789
This affects the package node-notifier prior to 9.0.0. It allows an malicious user to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
Node-notifier Project Node-notifier
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »