node.js vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-12265
The decompress package prior to 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
Decompress Project Decompress
9.8
CVSSv3
CVE-2013-7381
libnotify prior to 1.0.4 for Node.js allows remote malicious users to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
Libnotify Project Libnotify
9.8
CVSSv3
CVE-2013-7378
scripts/email.coffee in the Hubot Scripts module prior to 2.4.4 for Node.js allows remote malicious users to execute arbitrary commands.
Hubot Scripts Project Hubot Scripts
9.8
CVSSv3
CVE-2019-15606
Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons.
Nodejs Node.js
Oracle Graalvm 20.0.0
Oracle Graalvm 19.3.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.4.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Opensuse Leap 15.1
9.8
CVSSv3
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed.
Nodejs Node.js
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Software Collections 1.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 7.7
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
9.8
CVSSv3
CVE-2020-6836
grammar-parser.jison in the hot-formula-parser package prior to 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-contr...
Hot-formula-parser Project Hot-formula-parser
9.8
CVSSv3
CVE-2019-10061
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) before 6.1.0 is vulnerable to Command Injection. It does not validate user input, allowing malicious users to execute arbitrary commands.
Node-opencv Project Node-opencv
9.8
CVSSv3
CVE-2018-16460
A command injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when an attacker controls the PID.
Umbraengineering Ps
9.8
CVSSv3
CVE-2018-13797
The macaddress module prior to 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Node-macaddress Project Node-macaddress
9.8
CVSSv3
CVE-2017-1000219
All versions of npm/KyleRoss windows-cpu are vulnerable to command injection, resulting in code execution as the Node.js user.
Windows-cpu Project Windows-cpu 0.1.2
Windows-cpu Project Windows-cpu 0.1.1