Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

EUVD
EUVDadded 2025/11/12 4:29 a.m.2 views

EUVD-2025-111899

Malicious code in kronos-async-library-io npm...

6.6AI score
Exploits0
OSV
OSVadded 2025/11/12 4:29 a.m.2 views

MAL-2025-144214 Malicious code in kronos-async-library-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea6bee7aa7b2d9c88f44508041512b5125621a3086325c536cd05f9df907abd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
CNNVD
CNNVDadded 2024/07/01 12:0 a.m.1 views

Async Security Vulnerabilities

Async is a utility module by the individual developer Caolan McMahon in the UK. It is used for working with asynchronous JavaScript. A security vulnerability exists in Async versions 2.6.4 and earlier and 3.2.5 and earlier, which stems from vulnerability to a Regular Expression Denial of Service...

7.5CVSS6.7AI score0.00812EPSS
Exploits0References8
Cvelist
Cvelistadded 2024/07/01 12:0 a.m.19 views

CVE-2024-39249

Async = 2.6.4 and = 3.2.5 are vulnerable to ReDoS Regular Expression Denial of Service while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input...

0.00812EPSS
Exploits0References5
SUSE CVE
SUSE CVEadded 2023/02/15 3:37 a.m.2 views

SUSE CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...

7.8CVSS8.7AI score0.03372EPSS
Exploits1References18
OSV
OSVadded 2022/04/07 12:0 a.m.0 views

GHSA-FWR7-V2MV-HH25 Prototype Pollution in async

A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x fixed in 3.2.2 and 2.6.4, which could let a malicious user obtain privileges via the mapValues method...

7.8CVSS6.8AI score0.03372EPSS
Exploits1References15
OSV
OSVadded 2022/04/06 5:15 p.m.35 views

CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...

7.8CVSS7.6AI score
Exploits0References10
NVD
NVDadded 2022/04/06 5:15 p.m.27 views

CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...

7.8CVSS0.03372EPSS
Exploits1References10
Positive Technologies
Positive Technologiesadded 2022/04/06 12:0 a.m.5 views

PT-2022-7301 · Async +2 · Async +2

Name of the Vulnerable Software and Affected Versions: Async versions 2.x through 2.6.3 Async versions 3.x through 3.2.1 Description: The issue is related to the mapValues function in the Async library, which is used for working with asynchronous JavaScript. It involves the incorrect control of...

9.8CVSS8.2AI score0.99951EPSS
Exploits59References263
Debian CVE
Debian CVEadded 2022/04/06 12:0 a.m.87 views

CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...

7.8CVSS7.2AI score0.03372EPSS
Exploits1
Rows per page
Query Builder