Vulmon
nodejs vulnerabilities and exploits
CVE-2022-32215 (CVSSv3 6.5)
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
Affected products: Nodejs Node.js; Llhttp Llhttp; Fedoraproject Fedora 35; Fedoraproject Fedora 36; Fedoraproject Fedora 37; Siemens Sinec Ins 1.0; Debian Debian Linux 11.0; Stormshield Stormshield Management Center

CVE-2022-32222 (CVSSv3 5.3)
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x before 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to O...
Affected products: Nodejs Node.js; Siemens Sinec Ins 1.0; Siemens Sinec Ins
Related GitHub repositories: 1

CVE-2022-32210 (CVSSv3 6.5)
`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS r...
Affected products: Nodejs Undici

CVE-2022-32223 (CVSSv3 7.3)
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: * OpenSSL has been installed and “C:\Program Files\Common Files\...
Affected products: Nodejs Node.js
Related GitHub repositories: 1

CVE-2022-33987 (CVSSv3 5.3)
The got package prior to 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Affected products: Got Project Got
Related GitHub repositories: 1

CVE-2022-29244 (CVSSv3 7.5)
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectiv...
Affected products: Npmjs Npm; Netapp Ontap Select Deploy Administration Utility

CVE-2022-24434 (CVSSv3 7.5)
This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes.
Affected products: Dicer Project Dicer
Related GitHub repositories: 1

CVE-2022-25224 (CVSSv3 5.4)
Proton v0.2.0 allows a malicious user to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame, allowing a malicious user to host JavaScript code in the malicious link in order to trigger an XSS attac...
Affected products: Proton Project Proton 0.2.0

CVE-2022-25229 (CVSSv3 5.4)
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this t...
Affected products: Popcorn Time Project Popcorn Time 0.4.7

CVE-2021-44906 (CVSSv3 9.8)
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Affected products: Substack Minimist
Related GitHub repositories: 4