CVE-2026-21710 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-G4W6-C99W-4WH7 BrowserStack Local vulnerable to Command Injection through logfile variable
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js...
Linux Distros Unpatched Vulnerability : CVE-2026-22036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
EUVD-2025-112795
Malicious code in hermes-gacrux-meissa-cordelia npm...
EUVD-2025-113242
Malicious code in geckodriver-kastra-public-deneb npm...
EUVD-2025-71008
Malicious code in colouredcrayfishz3n npm...
EUVD-2025-69814
Malicious code in influentiallocustz3n npm...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935.
Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-47935. DESCRIPTION: Multer is a node.js...
EUVD-2024-0870
Malicious code in bioql PyPI...
EUVD-2022-6318
Malicious code in bioql PyPI...
EUVD-2022-5987
Malicious code in bioql PyPI...
Malicious code in duckdb (npm)
The DuckDB Node.js package duckdb version 1.3.3 was compromised with malware through a sophisticated phishing attack targeting the DuckDB maintainers. An attacker created a pixel-perfect copy of the npmjs.com website at npmjs.help domain and tricked a maintainer into logging in and resetting 2FA...
Linux Distros Unpatched Vulnerability : CVE-2021-31597
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but ...
CVE-2024-28607
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...
Linux Distros Unpatched Vulnerability : CVE-2021-35065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
Linux Distros Unpatched Vulnerability : CVE-2023-30589
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling...
MAL-2025-1913 Malicious code in paypal-expanded-integration-backend-node (npm)
--- -= Per source details. Do not edit below this line.=-...
GHSA-CPFX-964W-4JVP Authentication bypass in @sap/approuter
The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code, an attacker can steal the session of the victim by injecting malicious payload, causing High impact on confidentiality and integrity of the application...
MAL-2025-772 Malicious code in @marfeel/eslint-config-node (npm)
--- -= Per source details. Do not edit below this line.=-...