Lucene search

5435 matches found

OSV
added 2026/03/18 12:50 p.m., 2 views

MAL-2026-1732 Malicious code in express-ranges (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72e2924456833204b2201e4c108e394c45b7f35695aa2bb4a1048528ef95b78e The package express-ranges was found to contain malicious code...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/18 12:50 p.m., 4 views

Malicious code in express-http-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2471851d15cff5d3bc09d823660e1bebf3aee789535bf81e4f71c1ed6fa1fd86 The package express-http-validator was found to contain malicious code...

5.8 AI score
Exploits: 0
OSV
added 2026/03/18 12:50 p.m., 2 views

MAL-2026-1731 Malicious code in express-http-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2471851d15cff5d3bc09d823660e1bebf3aee789535bf81e4f71c1ed6fa1fd86 The package express-http-validator was found to contain malicious code...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/18 12:50 p.m., 3 views

Malicious code in express-configers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a9cfdc0f6b353580eb8a7c49a034123cbc9e7666eecf209fcc1eca4ca21c7dc The package express-configers was found to contain malicious code...

5.8 AI score
Exploits: 0
OSV
added 2026/03/18 12:50 p.m., 2 views

MAL-2026-1730 Malicious code in express-configers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a9cfdc0f6b353580eb8a7c49a034123cbc9e7666eecf209fcc1eca4ca21c7dc The package express-configers was found to contain malicious code...

5.8 AI score
Exploits: 0
EUVD
added 2026/03/16 3:30 p.m., 2 views

EUVD-2026-12216

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5 CVSS, 6 AI score, 0.00275 EPSS
Exploits: 0, References: 6
NVD
added 2026/03/16 2:19 p.m., 2 views

CVE-2026-4171

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5 CVSS, 0.00275 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/03/16 12:0 a.m., 3 views

Serverless Express Security Vulnerability

Serverless Express is an open-source library from Code Genie that allows for running Node.js web applications in a serverless environment. Serverless Express versions 4.17.1 and earlier contain a security vulnerability. This vulnerability stems from incorrect handling of the parameter userId in t...

6.5 CVSS, 6.6 AI score, 0.00275 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/03/16 12:0 a.m., 4 views

Express - Node.js API with PostgreSQL SQL Injection Vulnerability

Express - Node.js API with PostgreSQL is a RESTful API service developed by Jawher Kl, based on Node.js and PostgreSQL. Versions of Express - Node.js API with PostgreSQL prior to version 2.5 have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the sort parameter...

7.5 CVSS, 7.2 AI score, 0.00259 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/03/16 12:0 a.m., 3 views

Express - Node.js API with PostgreSQL Code Issue Vulnerability

Express - Node.js API with PostgreSQL is a RESTful API service developed by Jawher Kl, based on Node.js and PostgreSQL. There are code issues and vulnerabilities in versions 2.5 and earlier of Express - Node.js API with PostgreSQL. These vulnerabilities stem from incorrect operations on the...

7.5 CVSS, 7.2 AI score, 0.00348 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/03/15 8:2 a.m., 3 views

CVE-2026-4171 CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5 CVSS, 5.3 AI score, 0.00275 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/03/15 8:2 a.m., 34 views

CVE-2026-4171 CodeGenieApp serverless-express API Endpoint TodoList.ts authorization

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5 CVSS, 0.00275 EPSS
Exploits: 0, References: 5
CVE
added 2026/03/15 8:2 a.m., 9 views

CVE-2026-4171

CVE-2026-4171 affects CodeGenieApp serverless-express up to 4.17.1. The vulnerability involves the authorization of a TodoList.ts endpoint (examples/lambda-function-url/packages/api/models/TodoList.ts) where manipulating the userId bypasses authorization. It is exploitable remotely and has public...

6.5 CVSS, 6 AI score, 0.00275 EPSS
Exploits: 0, References: 5
ATTACKERKB
added 2026/03/15 8:2 a.m., 2 views

CVE-2026-4171

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5 CVSS, 5.3 AI score, 0.00275 EPSS
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
added 2026/03/15 12:0 a.m., 2 views

PT-2026-25543

A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the argument userId leads to...

6.5 CVSS, 5.3 AI score, 0.00275 EPSS
Exploits: 0, References: 8
NVD
added 2026/03/13 7:54 p.m., 7 views

CVE-2026-31949

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...

6.5 CVSS, 0.00377 EPSS
Exploits: 1, References: 1
vulnersOsv
added 2026/03/12 5:29 p.m., 4 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-32248 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-32248 Source advisory: OSV:GHSA-5FW2-8JCV-XH87...

9.8 CVSS, 5.8 AI score, 0.00627 EPSS
Exploits: 0
EUVD
added 2026/03/12 6:31 a.m., 5 views

EUVD-2026-11535

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

6.5 CVSS, 5.5 AI score, 0.00232 EPSS
Exploits: 0, References: 5
NVD
added 2026/03/12 6:16 a.m., 5 views

CVE-2026-3992

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

6.5 CVSS, 0.00232 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/03/12 5:32 a.m., 32 views

CVE-2026-3992 CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection

A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The exploit has been made...

6.5 CVSS, 0.00232 EPSS
Exploits: 0, References: 4