node.js vulnerabilities and exploits
NA
CVE-2023-32695
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in...
Socket Socket.io-parser
NA
CVE-2023-26127
All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node....
N158 Project N158
NA
CVE-2023-26128
All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the at...
Keep-module-latest Project Keep-module-latest
NA
CVE-2023-26129
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the abili...
Bwm-ng Project Bwm-ng
NA
CVE-2023-27562
The n8n package 0.218.0 for Node.js allows Directory Traversal.
N8n N8n 0.218.0
NA
CVE-2023-27563
The n8n package 0.218.0 for Node.js allows Escalation of Privileges.
N8n N8n 0.218.0
NA
CVE-2023-27564
The n8n package 0.218.0 for Node.js allows Information Disclosure.
N8n N8n 0.218.0
1 Github repository
NA
CVE-2023-31125
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are ...
Socket Engine.io
NA
CVE-2022-2237
A flaw was found in the Keycloak Node.js Adapter. This flaw allows a malicious user to benefit from an Open Redirect vulnerability in the checkSso function.
Redhat Single Sign-on 7.0
Redhat Keycloak Node.js Adapter -
NA
CVE-2018-25083
The pullit package prior to 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.
Pull It Project Pull It