nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied SQL which contains a malicious column name. 2)...
CVSS 9.8 | AI Score 9.6 | EPSS 0.138
serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.007
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.007
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent...
CVSS 7.5 | AI Score 7.3 | EPSS 0.009
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the...
CVSS 10 | AI Score 9.3 | EPSS 0.003
cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.007
iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.007
list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.007
fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.007
xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.006
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.006
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.007
Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.3 | EPSS 0.007
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
Shout is an IRC client. Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0...
CVSS 6.1 | AI Score 6.2 | EPSS 0.001
jquery.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
mariadb was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.3 | EPSS 0.002
nodesqlite was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
sqlite.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
fabric-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on...
CVSS 8.1 | AI Score 8.3 | EPSS 0.002
node-sqlite was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
sqliter was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
nodefabric was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command...
CVSS 9.8 | AI Score 9.5 | EPSS 0.005
node-fabric was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
sqlserver was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM...
CVSS 5.9 | AI Score 5.6 | EPSS 0.001
hftp is a static http or ftp server. hftp is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.004
GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online...
CVSS 6.1 | AI Score 6.2 | EPSS 0.001