DEBIAN-CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

CLSA-2026-1770140451 nodejs: Fix of CVE-2025-23166

CVE-2025-23166: fix SignTraits::DeriveBits to properly validate user-supplied inputs to prevent crashing Node.js process...

EUVD-2022-7124

Malicious code in bioql PyPI...

EUVD-2024-0907

Malicious code in bioql PyPI...

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

CVE-2025-29774

A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a...

PT-2025-11287

Name of the Vulnerable Software and Affected Versions xml-crypto versions prior to 6.0.1 xml-crypto versions prior to 3.2.1 xml-crypto versions prior to 2.1.6 Description The xml-crypto library for Node.js contains a vulnerability that allows an attacker to modify a valid signed XML message in a...

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVE-2024-56334 Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...

The vulnerability of the Node.js software library OpenVPN Connect allows a hacker to execute arbitrary code.

The vulnerability of the Node.js software product OpenVPN Connect relates to the lack of measures to neutralize instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

PT-2023-28597 · Npm · Systeminformation

Name of the Vulnerable Software and Affected Versions: systeminformation versions 5.0.0 through 5.21.6 Description: The systeminformation library for Node.JS has a SSID Command Injection Vulnerability. This issue affects versions 5.0.0 through 5.21.6. The problem was fixed with a parameter check ...

nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

AZL-44670 CVE-2021-32640 affecting package js-jquery 3.5.0-4

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...

CVE-2021-21388

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version = 5.6.4. If you cannot...

CVE-2021-28458

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability...

CVE-2017-16019

GitBook is a command line tool and Node.js library for building beautiful books using GitHub/Git and Markdown or AsciiDoc. Stored Cross-Site-Scripting XSS is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader...

Microsoft Passport-Azure-AD for Node.js library security bypass vulnerability

Microsoft Azure Active Directory Passport a.k.a. Passport-Azure-AD library for Node.js is a library collection of Passport policies for Node.js the web application platform from Microsoft, USA, which is used to help integrate node applications with Windows Azure Active Directory, a service that...

Fedora Update for nodejs-http-signature FEDORA-2013-11780

Check for the Version of nodejs-http-signature OpenVAS Vulnerability Test Fedora Update for nodejs-http-signature FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...