CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

7.5CVSS6.3AI score0.0056EPSS

Exploits0References3

RedhatCVE•added 2025/09/26 8:51 p.m.•5 views

CVE-2025-57353

The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

5.3CVSS7AI score0.00131EPSS

Exploits0References1

OSV•added 2025/09/26 9:37 a.m.•1 views

MAL-2025-47699 Malicious code in nodejs-example-google-cloud-monitoring (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score

Exploits0

GithubExploit•added 2025/09/25 5:53 p.m.•172 views

server-sqli

This is a PoC exploit for CVE-YYYY-NNNN, an intentional SQL inje...

9.3AI score

Exploits0

Tenable Nessus•added 2025/09/25 12:0 a.m.•4 views

Multiple Node.js Modules compromised in supply chain attack to harvest credentials (Shai-Hulud) (11/25/2025)

The remote host has a version of one or more Node.js modules installed known to be compromised in a supply chain attack Shai-Hulud. The modules that are vulnerable are referenced here: - https://github.com/tenable/shai-hulud-second-coming-affected-packages/blob/main/list.md. A malicious update to...

5.7AI score

Exploits0References3

OSV•added 2025/09/24 6:30 p.m.•1 views

GHSA-2488-W585-72CH counterpart vulnerable to prototype pollution

A vulnerability exists in the counterpart library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying malicious...

6.5CVSS6.5AI score0.0085EPSS

Exploits0References4

IBM Security Bulletins•added 2025/09/24 2:59 p.m.•4 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to...

8.1CVSS6.6AI score0.02123EPSS

Exploits1Affected Software1

CVE•added 2025/09/24 12:0 a.m.•11 views

CVE-2025-57353

CVE-2025-57353 affects the Runtime components of the Node.js messageformat package (versions before 3.0.2). The issue is a prototype pollution vulnerability caused by insufficient validation of nested message keys during processing, allowing an attacker to modify Object.prototype and inject arbit...

5.3CVSS6.6AI score0.00131EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by