8 matches found

IBM Security Bulletins
added 2025/11/28 7:3 p.m., 4 views

Security Bulletin: Astronomer with IBM is vulnerable to server-side request forgery due to the node-ip package (CVE-2025-59436, CVE-2025-59437)

Summary: Node-ip is used by Astronomer with IBM as part of IP address processing functionality. Vulnerability Details: CVEID: CVE-2025-59436. DESCRIPTION: The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally...

CVSS 3.2, AI score 6.6, EPSS 0.00019
Exploits: 0, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-29356

Malicious code in bioql PyPI...

CVSS 3.2, AI score 6.3, EPSS 0.00019
Exploits: 0, References: 3

RedhatCVE
added 2025/09/18 1:39 a.m., 4 views

CVE-2025-59437

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...

CVSS 8.1, AI score 9.4, EPSS 0.8434
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/17 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-59437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOT...

CVSS 8.1, AI score 6.9, EPSS 0.8434
Exploits: 0, References: 3

OSV
added 2025/09/16 6:16 a.m., 2 views

CVE-2025-59436

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...

CVSS 3.2, AI score 7
Exploits: 0, References: 2

Debian CVE
added 2025/09/16 12:0 a.m., 2 views

CVE-2025-59437

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...

CVSS 3.2, AI score 5.3, EPSS 0.00019
Exploits: 0

RedhatCVE
added 2024/06/03 1:32 p.m., 143 views

CVE-2024-29415

A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securi...

CVSS 9.8, AI score 8.6, EPSS 0.8434
Exploits: 1, References: 4

OSV
added 2024/02/19 5:14 p.m., 0 views

USN-6643-1 node-ip vulnerability

Emre Durmaz discovered that NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery (SSRF) attacks...

CVSS 9.8, AI score 6.8, EPSS 0.00652
Exploits: 1, References: 2