simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file...
5.4CVSS
5.2AI Score
0.001EPSS
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known...
7.5CVSS
7.2AI Score
0.004EPSS
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known...
7.5CVSS
7.3AI Score
0.003EPSS
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property...
6.5CVSS
6.3AI Score
0.001EPSS
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known...
6.5CVSS
6.1AI Score
0.001EPSS
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js...
5.4CVSS
5.1AI Score
0.001EPSS
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all...
8.8CVSS
8.5AI Score
0.001EPSS
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g....
9.1CVSS
8.9AI Score
0.007EPSS
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all...
8.8CVSS
8.4AI Score
0.001EPSS
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all...
8.8CVSS
8.5AI Score
0.001EPSS
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known...
7.5CVSS
7.3AI Score
0.004EPSS
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file...
6.1CVSS
5.9AI Score
0.001EPSS
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known...
7.5CVSS
7.3AI Score
0.004EPSS
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known...
7.5CVSS
7.3AI Score
0.004EPSS
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known...
7.5CVSS
7.3AI Score
0.004EPSS
7.5CVSS
7.2AI Score
0.002EPSS
5.5CVSS
5.3AI Score
0.001EPSS
lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the URL. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will....
5.3CVSS
5.2AI Score
0.001EPSS
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known...
6.5CVSS
6.2AI Score
0.001EPSS
ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a...
6.1CVSS
6.1AI Score
0.001EPSS
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known...
6.5CVSS
6.4AI Score
0.002EPSS
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known...
6.5CVSS
6.2AI Score
0.001EPSS
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed an aegir-release) GitHub...
7.5CVSS
7.4AI Score
0.002EPSS
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code...
9.8CVSS
9.6AI Score
0.015EPSS
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large...
7.5CVSS
7.3AI Score
0.001EPSS
dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.003EPSS
zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.3AI Score
0.004EPSS
open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS