node.js vulnerabilities and exploits
7.5
CVSSv2
CVE-2021-3190
The async-git package prior to 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.
Async-git Project Async-git
7.5
CVSSv2
CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Apache Struts
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Communications Policy Management 12.5.0
Oracle Financial Services Data Integration Hub 8.0.6
Oracle Financial Services Data Integration Hub 8.0.3
Oracle Mysql Enterprise Monitor
10 Github repositories
1 Article
7.5
CVSSv2
CVE-2020-24660
An issue exists in LemonLDAP::NG up to and including 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions prior to 0.5.2 of the "Lemonldap::NG handler for Node.js...
Lemonldap-ng Lemonldap::ng
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2018-21268
The traceroute (aka node-traceroute) package up to and including 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed...
Traceroute Project Traceroute
7.5
CVSSv2
CVE-2020-14967
An issue exists in the jsrsasign package prior to 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend...
Jsrsasign Project Jsrsasign
Netapp Max Data -
2 Github repositories
7.5
CVSSv2
CVE-2020-14968
An issue exists in the jsrsasign package prior to 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abu...
Jsrsasign Project Jsrsasign
Netapp Max Data -
2 Github repositories
7.5
CVSSv2
CVE-2020-8149
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.
Logkitty Project Logkitty
1 Github repository
7.5
CVSSv2
CVE-2020-12265
The decompress package prior to 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
Decompress Project Decompress
7.5
CVSSv2
CVE-2013-7381
libnotify prior to 1.0.4 for Node.js allows remote malicious users to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
Libnotify Project Libnotify
7.5
CVSSv2
CVE-2013-7378
scripts/email.coffee in the Hubot Scripts module prior to 2.4.4 for Node.js allows remote malicious users to execute arbitrary commands.
Hubot Scripts Project Hubot Scripts