Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node.js vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-5941
An issue exists in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Node-serialize Project Node-serialize
4 Github repositories
7.5
CVSSv2
CVE-2015-8857
The uglify-js package prior to 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow malicious users to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Java...
Uglifyjs Project Uglifyjs
1 Github repository
7.5
CVSSv2
CVE-2015-5380
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js prior to 0.12.6, io.js prior to 1.8.3 and 2.x prior to 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote ma...
Google V8 -
Iojs Io.js 2.0.0
Iojs Io.js 2.3.2
Iojs Io.js 2.0.2
Iojs Io.js 2.2.0
Iojs Io.js 2.0.1
Iojs Io.js 2.1.0
Iojs Io.js 2.3.1
Iojs Io.js 2.3.0
Iojs Io.js
Iojs Io.js 2.2.1
Nodejs Node.js
7.5
CVSSv2
CVE-2015-1369
SQL injection vulnerability in Sequelize prior to 2.0.0-rc7 for Node.js allows remote malicious users to execute arbitrary SQL commands via the order parameter.
Sequelize Project Sequelize
7.5
CVSSv2
CVE-2014-6394
visionmedia send prior to 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote malicious users to access restricted directories, as demonstrated using "public-restricted" under a "public"...
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Apple Xcode 7.0
Joyent Node.js
Joyent Node.js 0.8.2
Joyent Node.js 0.8.1
Joyent Node.js 0.8.0
1 Github repository
7.2
CVSSv2
CVE-2020-13536
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT S...
Moxa Mxview 3.1.8
7.2
CVSSv2
CVE-2020-13537
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SY...
Moxa Mxview 3.1.8
7.2
CVSSv2
CVE-2016-1202
Untrusted search path vulnerability in Atom Electron prior to 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.
Atom Electron
6.9
CVSSv2
CVE-2020-13110
The kerberos package prior to 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.
Kerberos Project Kerberos
6.8
CVSSv2
CVE-2022-29247
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions before 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeInte...
Electronjs Electron 18.0.0
Electronjs Electron 17.0.0
Electronjs Electron
Electronjs Electron 16.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »