Vulmon
node vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-28433
This affects all versions of package node-latex-pdf.
Node-latex-pdf Project Node-latex-pdf
NA
CVE-2013-4116
lib/npm.js in Node Packaged Modules (npm) prior to 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
Node Packaged Modules Project Node Packaged Modules
8.1
CVSSv3
CVE-2016-10590
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip fil...
Cue-sdk-node Project Cue-sdk-node
8.1
CVSSv3
CVE-2016-10599
sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution ...
Node-sauce-connect Project Node-sauce-connect
8.1
CVSSv3
CVE-2016-10641
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Node-bsdiff-android Project Node-bsdiff-android
8.1
CVSSv3
CVE-2016-10647
node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is...
Node-air-sdk Project Node-air-sdk
6.5
CVSSv3
CVE-2021-21421
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that use node-etsy-client and report client errors to the end user will also expose the API key value. This is fixed in node-etsy-client v0.3.0 and later.
Node-etsy-client Project Node-etsy-client
7.5
CVSSv3
CVE-2017-16124
node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Node-server-forfront Project Node-server-forfront
9.8
CVSSv3
CVE-2021-23797
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.
Http-server-node Project Http-server-node
9.8
CVSSv3
CVE-2020-11079
node-dns-sync (npm module dns-sync) up to and including 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
Node-dns-sync Project Node-dns-sync