Vulmon
node.js vulnerabilities and exploits
1000
VMScore
CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
Trendmicro Password Manager -
1 EDB exploit
1000
VMScore
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package prior to 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote malicious users to execute arbitrary code via a crafted file.
Joyent Node.js
1 EDB exploit
1000
VMScore
CVE-2014-7205
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin prior to 1.5.2 for the hapi server framework for Node.js allows remote malicious users to execute arbitrary JavaScript code via unspecified vectors.
Bassmaster Project Bassmaster
1 EDB exploit
13 Github repositories
890
VMScore
CVE-2021-34080
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows malicious users to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
Ssl-utils Project Ssl-utils
890
VMScore
CVE-2021-34082
OS Command Injection vulnerability in allenhwkim proctree up to and including 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows malicious users to execute arbitrary commands via the fix function.
Proctree Project Proctree
890
VMScore
CVE-2021-34084
OS command injection vulnerability in Turistforeningen node-s3-uploader up to and including 2.0.3 for Node.js allows malicious users to execute arbitrary commands via the metadata() function.
S3-uploader Project S3-uploader
890
VMScore
CVE-2021-26275
The eslint-fixer package up to and including 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been in...
Eslint-fixer Project Eslint-fixer
890
VMScore
CVE-2015-0278
libuv prior to 0.10.34 does not properly drop group privileges, which allows context-dependent malicious users to gain privileges via unspecified vectors.
Fedoraproject Fedora 21
Libuv Project Libuv
Nodejs Node.js
890
VMScore
CVE-2014-9682
The dns-sync module prior to 0.1.1 for node.js allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
Dns-sync Project Dns-sync
829
VMScore
CVE-2017-12581
GitHub Electron prior to 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent...
Electron Electron