Vulmon
node.js vulnerabilities and exploits
10
CVSSv2
CVE-2021-34084
OS command injection vulnerability in Turistforeningen node-s3-uploader up to and including 2.0.3 for Node.js allows malicious users to execute arbitrary commands via the metadata() function.
S3-uploader Project S3-uploader
10
CVSSv2
CVE-2021-34080
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows malicious users to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
Ssl-utils Project Ssl-utils
10
CVSSv2
CVE-2021-34082
OS Command Injection vulnerability in allenhwkim proctree up to and including 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows malicious users to execute arbitrary commands via the fix function.
Proctree Project Proctree
10
CVSSv2
CVE-2021-26275
The eslint-fixer package up to and including 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been in...
Eslint-fixer Project Eslint-fixer
10
CVSSv2
CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
Trendmicro Password Manager -
1 EDB exploit
10
CVSSv2
CVE-2015-0278
libuv prior to 0.10.34 does not properly drop group privileges, which allows context-dependent malicious users to gain privileges via unspecified vectors.
Fedoraproject Fedora 21
Libuv Project Libuv
Nodejs Node.js
10
CVSSv2
CVE-2014-9682
The dns-sync module prior to 0.1.1 for node.js allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
Dns-sync Project Dns-sync
10
CVSSv2
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package prior to 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote malicious users to execute arbitrary code via a crafted file.
Joyent Node.js
1 EDB exploit
10
CVSSv2
CVE-2014-7205
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin prior to 1.5.2 for the hapi server framework for Node.js allows remote malicious users to execute arbitrary JavaScript code via unspecified vectors.
Bassmaster Project Bassmaster
1 EDB exploit
13 Github repositories
9.3
CVSSv2
CVE-2021-34083
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google ...
Google-it Project Google-it