382 matches found

EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-124520

Malicious code in nestjs-nodejs-electron-builder-auth npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-124352

Malicious code in nodejs-javascript-winston-aether npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-112671

Malicious code in hydra-eslint-config-nodejs-triton npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m., 1 views

EUVD-2025-116561

Malicious code in aquarius-nodejs-electron-registry npm...

6.6 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 4 views

Malicious code in nodejs-frontend-sync-command (npm)

Source: amazon-inspector 46ae7bd01528ae4eb0e9b0708506f1ef7e24e2a6f8bcb754efa14557a29756e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0

EUVD
added 2025/11/11 8:11 p.m., 4 views

EUVD-2025-105252

Malicious code in finalshrimpz3n npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/11 7:31 a.m., 2 views

EUVD-2025-77860

Malicious code in ytterbiccondorz3n npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/11 7:16 a.m., 2 views

EUVD-2025-69189

Malicious code in lutfi-telurtahu88-ruro npm...

6.6 AI score
Exploits: 0

OSV
added 2025/11/05 4:54 p.m., 4 views

CLSA-2025-1762361695 nodejs: Fix of CVE-2023-39333

CVE-2023-39333: fix maliciously crafted export names injection of JavaScript code...

5.3 CVSS, 7 AI score, 0.00936 EPSS
Exploits: 0, References: 1

AstraLinux
added 2025/10/31 4:38 p.m., 4 views

Astra Linux - vulnerability in python-urllib3

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

6.1 CVSS, 6.8 AI score, 0.00313 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2025/10/23 8:18 p.m., 3 views

Security Bulletin: multiple vulnerability in IBM Spectrum Symphony with Node.js

Summary: multiple vulnerability in IBM Spectrum Symphony with Node.js. Vulnerability Details: CVEID: CVE-2024-27982 DESCRIPTION: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling...

8.2 CVSS, 7.7 AI score, 0.87211 EPSS
Exploits: 1, Affected Software: 1

Veracode
added 2025/10/15 4:18 a.m., 5 views

Malicious Package Injection

DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB’s Node.js packages containing code that interfered with cryptocurrency...

8.6 CVSS, 7.4 AI score, 0.00349 EPSS
Exploits: 0, References: 5, Affected Software: 4

HackRead
added 2025/10/10 2:29 p.m., 6 views

Stealit Malware Using Node.js to Hide in Fake Game and VPN Installers

Fortinet warns of Stealit, a MaaS infostealer, now targeting Windows systems and evading detection by using Node.js’s SEA feature while hiding in fake game and VPN installers...

7 AI score
Exploits: 0

RedhatCVE
added 2025/10/07 3:22 p.m., 4 views

CVE-2025-61668

Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...

8.7 CVSS, 6.6 AI score, 0.00399 EPSS
Exploits: 0, References: 1

Microsoft CVE
added 2025/10/02 6:10 a.m., 3 views

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

...

9.8 CVSS, 7 AI score, 0.02685 EPSS
Exploits: 0

IBM Security Bulletins
added 2025/09/26 6:33 p.m., 9 views

Security Bulletin: Vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff. Vulnerabilities include vulnerable to padding oracle attack, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistic...

7.5 CVSS, 8.2 AI score, 0.08878 EPSS
Exploits: 0, Affected Software: 1

OSSF Malicious Packages
added 2025/09/26 9:37 a.m., 5 views

Malicious code in nodejs-example-google-cloud-trace (npm)

7 AI score
Exploits: 0

OSV
added 2025/09/24 6:30 p.m., 5 views

GHSA-6XV4-9CQP-92RH messageformat prototype pollution vulnerability

The Runtime components of messageformat package for Node.js version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

5.3 CVSS, 7.1 AI score, 0.00313 EPSS
Exploits: 0, References: 7

IBM Security Bulletins
added 2025/09/24 2:59 p.m., 7 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of...

8.1 CVSS, 6.6 AI score, 0.01058 EPSS
Exploits: 1, Affected Software: 1

Cvelist
added 2025/09/24 12:0 a.m., 7 views

CVE-2025-57354

A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying...

0.00442 EPSS
Exploits: 0, References: 2