16 matches found
CVE-2025-63703
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
CVE-2025-63703
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
EUVD-2018-0155
Malware in sbrugna...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like proto...
PT-2022-8059 · Unknown · Email-Existence
Name of the Vulnerable Software and Affected Versions: email-existence affected versions not specified Description: A vulnerability was found in email-existence, rated as problematic. It affects some unknown functionality of the file index.js. The manipulation leads to inefficient regular...
UBUNTU-CVE-2022-21222
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
CVE-2020-7795
The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js...
UBUNTU-CVE-2021-23362
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...
nuance-gulp-build-common OS Command Injection Vulnerability
nuance-gulp-build-common is a package for npm. nuance-gulp-build-common suffers from an operating system command injection vulnerability that stems from vulnerability to command injection via the index.js file...
Command Injection
ffmpeg-sdk is vulnerable to command injection. The vulnerability exists through the execute function in index.js, allowing an attacker to inject the code execution commands via remotely...
Command Injection
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Command Injection via the index.js file. PoC: var a =require"wc-cmd"; a"touch JHU" Note: CVE-2020-28431 has been retracted because it was found to be invalid. Remediation There is no fixed...
Command Injection
Overview connection-tester is a module that tests to check if the connection can be established or host/port reachable for a given host and port. Useful for testing all the connection in your node application at server startup. Affected versions of this package are vulnerable to Command Injection...
CVE-2020-7660
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js"...
Command Injection
Overview gulp-styledocco is a StyleDocco plugin for gulp. Affected versions of this package are vulnerable to Command Injection. The argument options of the exports function in index.js can be controlled by users without any sanitization. PoC var root = require"gulp-styledocco"; var gulp =...
Unspecified Vulnerability in Total.js Platform
Total.js Platform is a suite of JavaScript Web platforms. The platform includes Total.js framework, Total.js apps, SQL Agent and NoSQL embedded DB. A security vulnerability exists in the index.js file in versions of Total.js Platform prior to 3.2.3. No details of the vulnerability are provided at...
CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service ReDoS attacks, as demonstrated by an expand argument containing many comma characters...