256 matches found
Malicious code in node-red-contrib-request (npm)
MAL-2024-9732 Malicious code in node-red-contrib-request (npm)
Malicious code in node-red-contrib-lowwercase (npm)
Source: ghsa-malware 577092139d0eab16ce212c5f1857a5bd55b8632d4d93358b21d74e379dbf7f60. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9242 Malicious code in node-red-contrib-lowwercase (npm)
Source: ghsa-malware 577092139d0eab16ce212c5f1857a5bd55b8632d4d93358b21d74e379dbf7f60. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
D-Link G416 nodered tar file command injection vulnerability
D-Link G416 is the AX1500 4G+ Smart Router launched by AUO in June 2025, which supports Wi-Fi 6, AI Smart Optimization and 4G LTE Cat 6 network with up to 300Mbps internet speed. The D-Link G416 suffers from a command injection vulnerability that stems from a nodered tar file handling command...
D-Link G416 nodered gz file command injection vulnerability
D-Link G416 is the AX1500 4G+ Smart Router launched by AUO in June 2025, which supports Wi-Fi 6, AI Smart Optimization and 4G LTE Cat 6 network with up to 300Mbps internet speed. The D-Link G416 suffers from a command injection vulnerability that stems from a nodered gz file handling command...
D-Link G416 security vulnerability
D-Link G416 is the AX1500 4G+ Smart Router launched by AUO in June 2025, which supports Wi-Fi 6, AI Smart Optimization and 4G LTE Cat 6 network with up to 300Mbps internet speed. The D-Link G416 suffers from a command injection vulnerability that stems from a nodered gz file handling command...
@3c-node-red/runtime (=3.1.6), @adeunis/node-red-contrib-adeunis-codecs (=1.0.0) +244 more potentially affected by CVE-2024-27307 via jsonata (>=1.5.0 <=1.8.6)
jsonata NPM version =1.5.0, =20.2.3, =5.0.0, =0.8.0, =0.0.1, =1.0.0, =1.0.1, =2.0.0, =2.0.4 - @elastic.io/batching-library =2.0.1-dev.4 and more Source cves: CVE-2024-27307 Source advisory: OSV:GHSA-FQG8-VFV7-8FJ8...
Malicious code in node-red-contrib-object-to-array (npm)
Source: ghsa-malware dc617e826788805ca870b385151ace964f43893d9560c8b2d9615276520929a2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1030 Malicious code in node-red-contrib-object-to-array (npm)
Source: ghsa-malware dc617e826788805ca870b385151ace964f43893d9560c8b2d9615276520929a2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the nodered function of the D-Link G416 router’s HTTP microprogramming system allows a hacker to execute arbitrary code.
The vulnerability of the nodered function of the D-Link G416 router’s HTTP microprogramming system is related to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...
VulnCheck KEV: CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...
The vulnerability of the application programming interface of the graphical programming environment for creating threaded applications, Node-Red, allows a hacker to modify the default JavaScript object prototype.
The vulnerability of the application programming interface of the graphical programming environment for creating threaded applications like Node-Red is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow a...
VulnCheck KEV: CVE-2021-3223
Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...
CVE-2021-26504
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...
Directory traversal
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...
node-red-contrib-huemagic path traversal vulnerability
node-red-contrib-huemagic is a solution for Foddy individual developers. A security vulnerability exists in Foddy node-red-contrib-huemagic version 3.0.0, which stems from a directory traversal vulnerability. An attacker can exploit this vulnerability to obtain sensitive information by sending a...
CVE-2021-26504
CVE-2021-26504 affects Foddy’s node-red-contrib-huemagic (v3.0.0). The vulnerability is a directory traversal in the hue-magic.js res.sendFile API, enabling remote attackers to read sensitive information. CVSS v3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no pr...
Malicious code in node-red-contrib-tfjs-object-detection (npm)
Source: ghsa-malware 5ae6d965935a10741f1389a09905356a09e9d7358dc5e8d1e3b56fac4602c78d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-633 Malicious code in node-red-contrib-tfjs-object-detection (npm)
Source: ghsa-malware 5ae6d965935a10741f1389a09905356a09e9d7358dc5e8d1e3b56fac4602c78d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...