Vulmon
node vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-7721
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.
Node-oojs Project Node-oojs
7.5
CVSSv3
CVE-2015-8851
node-uuid prior to 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for malicious users to have unspecified impact via brute force guessing.
Node-uuid Project Node-uuid
1 Github repository
7.5
CVSSv3
CVE-2022-21208
The package node-opcua prior to 2.74.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of...
Node-opcua Project Node-opcua
9.8
CVSSv3
CVE-2019-10061
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) before 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing malicious users to execute arbitrary commands.
Node-opencv Project Node-opencv
5.9
CVSSv3
CVE-2022-2596
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch before 3.2.10.
Node-fetch Project Node-fetch
6.5
CVSSv3
CVE-2018-3714
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
Node-srv Project Node-srv
9.8
CVSSv3
CVE-2023-49210
The openssl (aka node-openssl) NPM package up to and including 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects...
Node-openssl Project Node-openssl
7.5
CVSSv3
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as...
Node-tar Project Node-tar
4 Github repositories
9.8
CVSSv3
CVE-2014-3741
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and previous versions for Node.js allows remote malicious users to execute arbitrary commands via unspecified characters in the lpr command.
Node-printer Project Node-printer
9.8
CVSSv3
CVE-2018-13797
The macaddress module prior to 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Node-macaddress Project Node-macaddress