The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address...
8.8CVSS
8.8AI Score
0.012EPSS
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending...
9.8CVSS
9.6AI Score
0.025EPSS
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by...
7.5CVSS
7.4AI Score
0.002EPSS