Lucene search

4420 matches found

ATTACKERKB
added 2023/12/04 1:15 p.m., 5 views

CVE-2023-6460

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...

CVSS 5.5 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 3

OSV
added 2023/12/04 1:15 p.m., 9 views

CVE-2023-6460

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...

CVSS 5.5 | AI score 5.5
Exploits: 0 | References: 1

Prion
added 2023/12/04 1:15 p.m., 16 views

Code injection

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...

CVSS 1.7 | AI score 7.1 | EPSS 0.0012
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/12/04 12:26 p.m., 39 views

CVE-2023-6460 Information leak in nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...

CVSS 4 | AI score 5.7 | EPSS 0.0012
Exploits: 0 | References: 2

CVE
added 2023/12/04 12:26 p.m., 69 views

CVE-2023-6460

CVE-2023-6460 affects Google nodejs-firestore. The issue arises from logging this._settings, which can cause leakage of the Firestore key to log files with read access. Reported across multiple sources, including NVD and OSV, with remediation guidance to upgrade to version 6.1.0 where the issue i...

CVSS 5.5 | AI score 4.8 | EPSS 0.0012
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/12/04 12:00 a.m., 4 views

Google nodejs-firestore Security Vulnerability

Google nodejs-firestore is a NoSQL document database by Google, Inc. A security vulnerability exists in Google nodejs-firestore versions prior to 6.1.0, which stems from the presence of potential logging that could be exposed to anyone with log read access...

CVSS 5.5 | AI score 6.5 | EPSS 0.0012
Exploits: 0 | References: 1

Positive Technologies
added 2023/12/04 12:00 a.m., 9 views

PT-2023-32673

Name of the Vulnerable Software and Affected Versions: nodejs-firestore versions prior to 6.1.0. Description: A potential logging issue exists within nodejs-firestore, where developers logging objects through this.settings may inadvertently log the firestore key, potentially exposing it to anyone...

CVSS 5.5 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 12

Veracode
added 2023/11/29 5:49 a.m., 30 views

Denial Of Service (DoS)

nodejs is vulnerable to Denial of Service (DoS). The vulnerability exists when an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API. A non-expected termination occurs, making it susceptible to Denial of Service (DoS) attacks. In this scenario, an attacker...

CVSS 5.3 | AI score 6.8 | EPSS 0.01157
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2023/11/29 5:49 a.m., 57 views

Inconsistency Between Implementation And Documented Design

nodejs is vulnerable to Inconsistency Between Implementation and Documented Design. The vulnerability arises because the generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys. This discrepancy between the documented and actual behavior of the API allows ...

CVSS 7.5 | AI score 6.6 | EPSS 0.01462
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2023/11/29 5:46 a.m., 30 views

Prototype Pollution

NodeJS is vulnerable to Prototype Pollution. The vulnerability is caused by the use of __proto__ in process.mainModule.__proto__.require, which bypasses the policy mechanism. This can lead to requiring and loading modules outside of the policy.json definition...

CVSS 7.5 | AI score 6.5 | EPSS 0.0105
Exploits: 0 | References: 2 | Affected Software: 1

Wolfi
added 2023/11/28 8:15 p.m., 337 views

CVE-2023-30588 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 5.3 | AI score 7 | EPSS 0.01157
Exploits: 0

Wolfi
added 2023/11/28 8:15 p.m., 206 views

CVE-2023-30590 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 7.6 | EPSS 0.01462
Exploits: 0

Chainguard
added 2023/11/28 8:15 p.m., 31 views

CVE-2023-30588 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 5.3 | AI score 6.6 | EPSS 0.01157
Exploits: 0

Chainguard
added 2023/11/28 8:15 p.m., 53 views

CVE-2023-30590 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 7.2 | EPSS 0.01462
Exploits: 0

OSV
added 2023/11/28 8:15 p.m., 1 views

DEBIAN-CVE-2023-30588

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key inf...

CVSS 5.3 | AI score 6.5 | EPSS 0.01157
Exploits: 0 | References: 1

Wolfi
added 2023/11/28 2:15 a.m., 31 views

CVE-2023-30585 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 7.8 | EPSS 0.01467
Exploits: 0

OSV
added 2023/11/23 12:15 a.m., 3 views

DEBIAN-CVE-2023-30581

The use of __proto__ in process.mainModule.__proto__.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time...

CVSS 7.5 | AI score 7 | EPSS 0.0105
Exploits: 0 | References: 1

Wolfi
added 2023/11/23 12:15 a.m., 44 views

CVE-2023-30581 vulnerabilities

Vulnerabilities for packages: nodejs...

CVSS 7.5 | AI score 8 | EPSS 0.0105
Exploits: 0

CNNVD
added 2023/11/23 12:00 a.m., 3 views

node-openssl Security Vulnerabilities

node-openssl is the openssl package for nodejs. A security vulnerability exists in node-openssl version 2.0.0 and earlier, which stems from a security flaw in the opts parameter...

CVSS 9.8 | AI score 6.8 | EPSS 0.01909
Exploits: 1 | References: 3

OpenVAS
added 2023/11/22 12:00 a.m., 29 views

Ubuntu: Security Advisory (USN-6491-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 7.9 | EPSS 0.77278
Exploits: 4 | References: 2