CVE-2017-16136
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...
CVE-2018-3722
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3724
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path...
AZL-44772 CVE-2017-16137 affecting package nodejs-nodemon 2.0.3-5
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue...
AZL-44892 CVE-2017-16119 affecting package nodejs-nodemon 2.0.3-5
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
CVE-2017-16082
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. (1) Executing unsafe, user-supplied SQL which contains a malicious column name. (2)...
Design/Logic Flaw
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload...
Denial of service
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...
CVE-2017-16114
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...
CVE-2017-16021
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS, which causes the program to hang and the CPU to sit at 100%...
Design/Logic Flaw
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10694
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary...
CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
CVE-2018-3728
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via the 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existi...
Drupal Search 404 Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Search 404 is one of the modules that searches for keywords in the URL. A cross-site scripting vulnerability exists in the Drupal Search 404 module, which stems from the program failing...
Drupal LDAP Module Security Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security bypass vulnerability exists in the Drupal LDAP module. It allows an attacker to provide unexpected input and potentially bypass the input validation protection...
Drupal Open Atrium Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Open Atrium is a collaborative team development module based on the Drupal platform. Multiple cross-site request forgery vulnerabilities exist in subcomponents of the Drupal Open...
CVE-2018-4834
A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module),...
Unspecified Vulnerability in Oracle Banking Corporate Lending Component
Oracle Financial Services Applications is a suite of financial services software from Oracle Corporation (United States) that covers core banking, online banking and property management. Oracle Banking Corporate Lending is its corporate loan management component. A security vulnerability exists...
UBUNTU-CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path...