18 matches found

OSV
added 2026/02/19 8:25 p.m. · 2 views

DEBIAN-CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

8.8 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits: 1 · References: 1

OSV
added 2026/02/03 5:40 p.m. · 2 views

CLSA-2026-1770140451 nodejs: Fix of CVE-2025-23166

CVE-2025-23166: fix SignTraits::DeriveBits to properly validate user-supplied inputs to prevent crashing Node.js process...

7.5 CVSS · 7.3 AI score · 0.00302 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-7124

Malicious code in bioql PyPI...

8.1 CVSS · 8 AI score · 0.04646 EPSS
Exploits: 1 · References: 6

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-0907

Malicious code in bioql PyPI...

6.5 CVSS · 6.8 AI score · 0.01106 EPSS
Exploits: 1 · References: 9

OSV
added 2025/05/19 7:28 p.m. · 4 views

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

9.9 CVSS · 8.5 AI score · 0.00185 EPSS
Exploits: 0 · References: 4

Cvelist
added 2025/05/19 7:28 p.m. · 34 views

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

9.9 CVSS · 0.00185 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/03/16 5:21 p.m. · 9 views

CVE-2025-29774

A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a...

9.1 CVSS · 6.2 AI score · 0.00472 EPSS
Exploits: 0 · References: 10

Positive Technologies
added 2025/03/14 12:00 a.m. · 3 views

PT-2025-11287

Name of the Vulnerable Software and Affected Versions: xml-crypto versions prior to 6.0.1; xml-crypto versions prior to 3.2.1; xml-crypto versions prior to 2.1.6. Description: The xml-crypto library for Node.js contains a vulnerability that allows an attacker to modify a valid signed XML message in a...

9.3 CVSS · 7.2 AI score · 0.00472 EPSS
Exploits: 0 · References: 34

RedhatCVE
added 2025/02/05 7:35 p.m. · 10 views

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

8.1 CVSS · 7.2 AI score · 0.04646 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/12/20 8:10 p.m. · 16 views

CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

7.8 CVSS · 0.04955 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/09/21 12:00 a.m. · 3 views

PT-2023-28597 · Npm · Systeminformation

Name of the Vulnerable Software and Affected Versions: systeminformation versions 5.0.0 through 5.21.6 Description: The systeminformation library for Node.JS has a SSID Command Injection Vulnerability. This issue affects versions 5.0.0 through 5.21.6. The problem was fixed with a parameter check ...

9.8 CVSS · 9.6 AI score · 0.02061 EPSS
Exploits: 0 · References: 15

RedHat Linux
added 2022/01/06 6:43 p.m. · 1 view

nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

9.8 CVSS · 7.6 AI score · 0.01262 EPSS
Exploits: 1 · References: 4

OSV
added 2021/05/25 7:15 p.m. · 3 views

AZL-44670 CVE-2021-32640 affecting package js-jquery 3.5.0-4

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...

5.3 CVSS · 6.4 AI score · 0.01154 EPSS
Exploits: 1 · References: 1

NVD
added 2021/04/29 6:15 p.m. · 14 views

CVE-2021-21388

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...

9.8 CVSS · 0.00617 EPSS
Exploits: 0 · References: 5

OSV
added 2021/04/13 8:15 p.m. · 0 views

CVE-2021-28458

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability...

7.8 CVSS · 5.8 AI score · 0.09082 EPSS
Exploits: 0 · References: 1

OSV
added 2018/06/04 7:29 p.m. · 8 views

CVE-2017-16019

GitBook is a command line tool and Node.js library for building beautiful books using GitHub/Git and Markdown or AsciiDoc. Stored Cross-Site Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader...

6.1 CVSS · 6.5 AI score
Exploits: 0 · References: 2

CNVD
added 2016/10/07 12:00 a.m. · 2 views

Microsoft Passport-Azure-AD for Node.js library security bypass vulnerability

Microsoft Azure Active Directory Passport (a.k.a. Passport-Azure-AD) library for Node.js is a library collection of Passport policies for Node.js (the web application platform) from Microsoft, USA, which is used to help integrate Node applications with Windows Azure Active Directory, a service that...

8.1 CVSS · 7 AI score · 0.038 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2013/08/01 12:00 a.m. · 11 views

Fedora Update for nodejs-http-signature FEDORA-2013-11780

Check for the Version of nodejs-http-signature OpenVAS Vulnerability Test Fedora Update for nodejs-http-signature FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

3.3 CVSS · 6.7 AI score · 0.00104 EPSS
Exploits: 0 · References: 2