EUVD-2021-2379

Malware in sbrugna...

EUVD-2022-6547

Malicious code in bioql PyPI...

CVE-2019-19729

An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...

Linux Distros Unpatched Vulnerability : CVE-2021-33502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has...

CVE-2024-39943

rejetto HFS aka HTTP File Server 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users if they have Upload permissions. This occurs because a shell is used to execute df i.e., with execSync instead of spawnSync in childprocess in Node.js...

Medium: nodejs

Issue Overview: In some cases Node.js did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service...

node-mpv command injection vulnerability

node-mpv is a wrapper to use the mpv player for node.js. A command injection vulnerability exists in node-mpv 1.4.3 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands via the options parameter...