14 matches found

RedhatCVE
added 2026/01/07 9:32 a.m. | 7 views

CVE-2019-16772

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

CVSS 6.1 | AI score 6.5 | EPSS 0.00298
Exploits: 0 | References: 1

GithubExploit
added 2025/12/05 3:2 a.m. | 134 views

Exploit for CVE-2025-55182

CVE-2025-55182 This repository contains a PoC reproduction of...

CVSS 10 | AI score 8.2 | EPSS 0.84541
Exploits: 360

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0772

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00298
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-1503

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 7.9 | EPSS 0.00206
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-1473

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.5 | EPSS 0.00135
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-1645

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 7.9 | EPSS 0.00182
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/23 7:32 a.m. | 3 views

CVE-2024-22169

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...

CVSS 7.1 | AI score 7.3 | EPSS 0.00103
Exploits: 0 | References: 1

OSV
added 2024/01/28 2:15 a.m. | 0 views

CVE-2024-23743

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeCliInspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."...

CVSS 3.3 | AI score 6.2 | EPSS 0.00158
Exploits: 1 | References: 3

NVD
added 2023/05/27 5:15 a.m. | 15 views

CVE-2023-26127

All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target...

CVSS 7.8 | AI score 7.9 | EPSS 0.00135
Exploits: 0 | References: 2

Prion
added 2023/05/27 5:15 a.m. | 7 views

Command injection

All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within t...

CVSS 4.3 | AI score 7.9 | EPSS 0.00206
Exploits: 1 | References: 1

RedHat Linux
added 2021/08/10 4:37 p.m. | 2 views

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

CVSS 7.5 | AI score 7.3 | EPSS 0.02458
Exploits: 1 | References: 4

Prion
added 2019/12/07 12:15 a.m. | 12 views

Cross site scripting

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of...

CVSS 4.3 | AI score 6 | EPSS 0.00298
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/12/06 11:25 p.m. | 233 views

CVE-2019-16772

The CVE-2019-16772 entry concerns the npm package serialize-to-js, with versions before 3.0.1 vulnerable to XSS due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward slashes, but non-Node.js environmen...

CVSS 6.1 | AI score 4.8 | EPSS 0.00298
Exploits: 0 | References: 2 | Affected Software: 1

seebug.org
added 2017/04/02 12:0 a.m. | 48 views

math.js remote code execution vulnerability

This article explains in short how we found, exploited and reported a remote code execution (RCE) vulnerability. It is meant to be a guide to finding vulnerabilities, as well as reporting them in a responsible manner. Step one: discovery. While playing around with a wrapper of the math.js API...

AI score 8
Exploits: 0