Lucene search
K

367 matches found

vulnersOsv
vulnersOsv
added 2026/02/05 8:41 p.m.10 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25520 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25520 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15248295...

10CVSS6AI score0.00782EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/02 8:17 p.m.7 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25142 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25142 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15182636...

10CVSS5.8AI score0.01091EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/01/27 7:55 p.m.7 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-23830 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-23830 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15123975...

10CVSS5.8AI score0.01122EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.21 views

CVE-2022-31070

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...

7.5CVSS6.5AI score0.00603EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.18 views

CVE-2022-31069

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resulted in...

7.5CVSS6.4AI score0.00603EPSS
Exploits0References1
OSV
OSV
added 2025/12/30 3:32 p.m.7 views

GHSA-8WPR-639P-CCRJ Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

A NestJS application is vulnerable if it meets all of the following criteria: 1. Platform: Uses @nestjs/platform-fastify. 2. Security Mechanism: Relies on NestMiddleware via MiddlewareConsumer for security checks authentication, authorization, etc., or through app.use 3. Routing: Applies middlewa...

9.1CVSS6.8AI score0.00355EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/12/30 3:32 p.m.8 views

Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

A NestJS application is vulnerable if it meets all of the following criteria: 1. Platform: Uses @nestjs/platform-fastify. 2. Security Mechanism: Relies on NestMiddleware via MiddlewareConsumer for security checks authentication, authorization, etc., or through app.use 3. Routing: Applies middlewa...

9.1CVSS6.9AI score0.00355EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/12/29 4:44 p.m.4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview @nestjs/platform-fastify is a Nest - modern, fast, powerful node.js web framework @platform-fastify Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the URL encoding middleware, allowing it to be bypassed in certain configurations. An...

9.1CVSS6.6AI score0.00355EPSS
Exploits1References2
NVD
NVD
added 2025/12/29 4:15 p.m.15 views

CVE-2025-69211

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

9.1CVSS0.00355EPSS
Exploits1References2
OSV
OSV
added 2025/12/29 4:1 p.m.6 views

CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

9.1CVSS6.8AI score0.00355EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/29 4:1 p.m.1 views

CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

9.1CVSS6.5AI score0.00355EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/29 4:1 p.m.29 views

CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

9.1CVSS0.00355EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.5 views

nest 安全漏洞

nest is a Node.js framework open-sourced by nestjs for building efficient, scalable and enterprise-class server-side applications using TypeScript/JavaScript. A security vulnerability exists in versions of nest prior to 11.1.11, which stems from a bypass in the Fastify URL encoding middleware tha...

9.1CVSS5.8AI score0.00355EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/25 12:16 a.m.4 views

EUVD-2025-199405

Malicious code in @voiceflow/nestjs-common npm...

6.6AI score
Exploits0References3
OSV
OSV
added 2025/11/25 12:16 a.m.5 views

MAL-2025-191358 Malicious code in @voiceflow/nestjs-mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2004e6b1248a0973eb52ceacef7b58dbf4de7c31813ea2b67f07e2788ad3205e The package @voiceflow/nestjs-mongodb was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References10
EUVD
EUVD
added 2025/11/25 12:16 a.m.4 views

EUVD-2025-199404

Malicious code in @voiceflow/nestjs-mongodb npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.4 views

EUVD-2025-199402

Malicious code in @voiceflow/nestjs-redis npm...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 12:16 a.m.5 views

EUVD-2025-199401

Malicious code in @voiceflow/nestjs-timeout npm...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.7 views

Malicious code in @voiceflow/nestjs-mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2004e6b1248a0973eb52ceacef7b58dbf4de7c31813ea2b67f07e2788ad3205e The package @voiceflow/nestjs-mongodb was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.7 views

Malicious code in @voiceflow/nestjs-timeout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13d9067ab95136128bf92e8d28b434d340ae4fd7cd2c8e06f3378c71c3f6f2b1 The package @voiceflow/nestjs-timeout was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References10
Rows per page
Query Builder