29 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-0368

Malware in sbrugna...

CVSS 5.3 · AI score 5.3 · EPSS 0.00318
Exploits 1 · References 6

RedhatCVE
added 2025/05/22 5:54 p.m. · 2 views

CVE-2020-7637

class-transformer before 0.3.1 allows attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 5.3 · AI score 6.8 · EPSS 0.00318
Exploits 1 · References 1

Veracode
added 2022/02/09 9:47 a.m. · 13 views

Improper Input Validation

frourio is vulnerable to improper input validation. The vulnerability exists due to improper input validation within the class-transformer function through the validators/ folder in the index.ts file, which allows an attacker to bypass security...

CVSS 8.8 · AI score 3.4 · EPSS 0.00377
Exploits 0 · References 3 · Affected Software 1

NVD
added 2022/02/07 11:15 p.m. · 8 views

CVE-2022-23623

Frourio is a full stack framework for TypeScript. Frourio users who use frourio versions prior to v0.26.0 and the integration with class-validator through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific...

CVSS 8.8 · EPSS 0.00377
Exploits 0 · References 2

Prion
added 2022/02/07 11:15 p.m. · 10 views

Input validation

Frourio is a full stack framework for TypeScript. Frourio users who use frourio versions prior to v0.26.0 and the integration with class-validator through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific...

CVSS 6.5 · AI score 8.6 · EPSS 0.00377
Exploits 0 · References 2 · Affected Software 1

Prion
added 2022/02/07 11:15 p.m. · 12 views

Input validation

Frourio-express is a minimal full stack framework for TypeScript. Frourio-express users who use frourio-express versions prior to v0.26.0 and the integration with class-validator through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request...

CVSS 6.5 · AI score 8.6 · EPSS 0.00377
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/02/07 10:38 p.m. · 13 views

GHSA-MMJ4-777P-FPQ9 Validation bypass in frourio-express

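Japanese. Impact: If you are using frourio prior to v0.26.0 and are using validators/, there are cases where nested validators do not work correctly for request bodies and queries. In addition, there are inputs for which validation has no effect on the request. Patches: Please update frourio to v0.26.0 or a later version. Projects that use frourio also need to add class-transformer and reflect-metadata to their dependencies. Workarounds...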

CVSS 8.1 · AI score 8.4 · EPSS 0.00377
Exploits 0 · References 4

OSV
added 2022/02/07 10:37 p.m. · 10 views

GHSA-8XXM-H73R-GHFJ Validation bypass in frourio

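Japanese. Impact: If you are using frourio prior to v0.26.0 and are using validators/, there are cases where nested validators do not work correctly for request bodies and queries. In addition, there are inputs for which validation has no effect on the request. Patches: Please update frourio to v0.26.0 or a later version. Projects that use frourio also need to add class-transformer and reflect-metadata to their dependencies. Workarounds...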

CVSS 8.1 · AI score 8.4 · EPSS 0.00377
Exploits 0 · References 4

Github Security Blog
added 2022/02/07 10:37 p.m. · 13 views

Validation bypass in frourio

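Japanese. Impact: If you are using frourio prior to v0.26.0 and are using validators/, there are cases where nested validators do not work correctly for request bodies and queries. In addition, there are inputs for which validation has no effect on the request. Patches: Please update frourio to v0.26.0 or a later version. Projects that use frourio also need to add class-transformer and reflect-metadata to their dependencies. Workarounds...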

CVSS 8.8 · AI score 2.6 · EPSS 0.00377
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2022/02/07 10:15 p.m. · 10 views

CVE-2022-23623 Validation bypass in frourio

Frourio is a full stack framework for TypeScript. Frourio users who use frourio versions prior to v0.26.0 and the integration with class-validator through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific...

CVSS 8.1 · AI score 8.9 · EPSS 0.00377
Exploits 0 · References 2

CVE
added 2022/02/07 10:15 p.m. · 59 views

CVE-2022-23623

Frourio (TypeScript full-stack framework) versions prior to v0.26.0 using validators/ integration may fail input validation for request bodies and queries in certain cases, allowing some input to bypass validation. The root cause is improper validator behavior in the validators/ path. The advisor...

CVSS 8.8 · AI score 8.4 · EPSS 0.00377
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/02/07 10:15 p.m. · 9 views

CVE-2022-23623 Validation bypass in frourio

Frourio is a full stack framework for TypeScript. Frourio users who use frourio versions prior to v0.26.0 and the integration with class-validator through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific...

CVSS 8.1 · AI score 8.7 · EPSS 0.00377
Exploits 0 · References 4

OSV
added 2022/02/07 10:15 p.m. · 12 views

CVE-2022-23624 Validation bypass in frourio-express

Frourio-express is a minimal full stack framework for TypeScript. Frourio-express users who use frourio-express versions prior to v0.26.0 and the integration with class-validator through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request...

CVSS 8.1 · AI score 8.6 · EPSS 0.00377
Exploits 0 · References 4

CVE
added 2022/02/07 10:15 p.m. · 65 views

CVE-2022-23624

Frourio-express contains an input validation vulnerability affecting users of versions prior to v0.26.0 when using the integration with class-validator via the validators/ folder. The issue leads to validators not working properly for request bodies and queries in specific situations, leaving som...

CVSS 8.8 · AI score 8.4 · EPSS 0.00377
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/02/07 10:15 p.m. · 10 views

CVE-2022-23624 Validation bypass in frourio-express

Frourio-express is a minimal full stack framework for TypeScript. Frourio-express users who use frourio-express versions prior to v0.26.0 and the integration with class-validator through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request...

CVSS 8.1 · AI score 8.9 · EPSS 0.00377
Exploits 0 · References 2

Positive Technologies
added 2022/02/07 12:0 a.m. · 2 views

PT-2022-16137 · Unknown +1 · Class-Transformer +3

Name of the Vulnerable Software and Affected Versions: Frourio versions prior to v0.26.0 Description: Frourio is a full stack framework for TypeScript. Users who use Frourio version prior to v0.26.0 and integrate with class-validator through the validators/ folder are subject to an input validati...

CVSS 8.8 · AI score 8.6 · EPSS 0.00377
Exploits 0 · References 9

OSV
added 2020/04/07 3:47 p.m. · 19 views

GHSA-6GP3-H3JJ-PRX4 Prototype pollution in class-transformer

class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The 'classToPlainFromExist' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...

CVSS 5.3 · AI score 5.1 · EPSS 0.00318
Exploits 1 · References 5

vulnersOsv
added 2020/04/07 3:47 p.m. · 2 views

@3volutions/welle7.lib (=1.0.1), @acathur/koa-decorator-ts (>=2.7.0 <=2.7.4) +1161 more potentially affected by CVE-2020-7637 via class-transformer (>=0.1.10 <=0.2.3)

class-transformer NPM version =0.1.10, =2.7.0, =1.0.0, =0.1.0, =0.0.4, =0.0.1, =1.0.1, =0.0.1, =1.3.0-next.2, =1.2.0, =1.0.1, =0.0.1, =0.0.1, =0.0.9, =0.0.18 and more Source cves: CVE-2020-7637 Source advisory: OSV:GHSA-6GP3-H3JJ-PRX4...

CVSS 5.3 · AI score 6 · EPSS 0.00318
Exploits 1

Github Security Blog
added 2020/04/07 3:47 p.m. · 109 views

Prototype pollution in class-transformer

class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The 'classToPlainFromExist' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...

CVSS 5.3 · AI score 3.2 · EPSS 0.00318
Exploits 1 · References 5 · Affected Software 1

Veracode
added 2020/04/07 6:14 a.m. · 15 views

Prototype Pollution

class-transformer is vulnerable to prototype pollution. The vulnerability exists because a __proto__ payload could be introduced into the classToPlainFromExist function...

CVSS 5.3 · AI score 2.4 · EPSS 0.00318
Exploits 1 · References 3 · Affected Software 1