Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node.js vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-26129
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the abili...
Bwm-ng Project Bwm-ng
6.5
CVSSv3
CVE-2023-27562
The n8n package 0.218.0 for Node.js allows Directory Traversal.
N8n N8n 0.218.0
8.8
CVSSv3
CVE-2023-27563
The n8n package 0.218.0 for Node.js allows Escalation of Privileges.
N8n N8n 0.218.0
7.5
CVSSv3
CVE-2023-27564
The n8n package 0.218.0 for Node.js allows Information Disclosure.
N8n N8n 0.218.0
1 Github repository
6.5
CVSSv3
CVE-2023-31125
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are ...
Socket Engine.io
6.1
CVSSv3
CVE-2022-2237
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an malicious user to benefit from an Open Redirect vulnerability in the checkSso function.
Redhat Single Sign-on 7.0
Redhat Keycloak Node.js Adapter -
9.8
CVSSv3
CVE-2018-25083
The pullit package prior to 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.
Pull It Project Pull It
9.8
CVSSv3
CVE-2022-43441
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.
Ghost Sqlite3
6.1
CVSSv3
CVE-2023-28155
The Request package up to and including 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by t...
Request Project Request
1 Github repository
7.5
CVSSv3
CVE-2023-23919
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that...
Nodejs Node.js
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »