Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-7596
Codecov npm module prior to 3.6.2 allows remote malicious users to execute arbitrary commands via the "gcov-args" argument.
Codecov Nodejs Uploader
6.4
CVSSv2
CVE-2022-21824
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could b...
Nodejs Node.js
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Mysql Enterprise Monitor
Oracle Mysql Server
Oracle Mysql Connectors
Oracle Mysql Workbench
Oracle Mysql Cluster
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
2 Github repositories
6.4
CVSSv2
CVE-2021-22959
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Llhttp Llhttp
Oracle Graalvm 21.3.0
Oracle Graalvm 20.3.4
Debian Debian Linux 11.0
6.4
CVSSv2
CVE-2021-41117
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue exists where this library was generating identical RSA keys used in SSH....
Keypair Project Keypair
2 Github repositories
6.4
CVSSv2
CVE-2020-8287
Node.js versions prior to 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smug...
Nodejs Node.js
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Graalvm 19.3.4
Oracle Graalvm 20.3.0
Siemens Sinec Infrastructure Network Services
1 Github repository
6.4
CVSSv2
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Lodash Lodash
Netapp Service Level Manager -
Netapp Active Iq Unified Manager -
Redhat Virtualization Manager 4.3
Oracle Banking Extensibility Workbench 14.4.0
Oracle Banking Extensibility Workbench 14.3.0
F5 Big-iq Centralized Management
F5 Iworkflow 2.3.0
F5 Big-iq Centralized Management 7.0.0
F5 Big-ip Analytics
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Edge Gateway
F5 Big-ip Webaccelerator
6 Github repositories
6.4
CVSSv2
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as...
Node-tar Project Node-tar
4 Github repositories
6.4
CVSSv2
CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentica...
Nodejs Node.js
6.4
CVSSv2
CVE-2012-2330
The Update method in src/node_http_parser.cc in Node.js prior to 0.6.17 and 0.7 prior to 0.7.8 does not properly check the length of a string, which allows remote malicious users to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero ...
Nodejs Nodejs
Nodejs Nodejs 0.7.6
Nodejs Nodejs 0.7.4
Nodejs Nodejs 0.7.5
Nodejs Nodejs 0.7.3
Nodejs Nodejs 0.7.0
Nodejs Nodejs 0.7.2
Nodejs Nodejs 0.7.7
Nodejs Nodejs 0.7.1
5.8
CVSSv2
CVE-2021-44531
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, whic...
Nodejs Node.js
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Mysql Enterprise Monitor
Oracle Mysql Connectors
Oracle Mysql Workbench
Oracle Mysql Server
Oracle Graalvm 20.3.5
Oracle Graalvm 21.3.1
Oracle Graalvm 22.0.0.2
Oracle Mysql Cluster
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »