CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

vulnersOsv•added 2026/06/04 6:1 p.m.•5 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +560 more potentially affected by CVE-2026-47676 via hono (>=0.5.10 <=4.12.2)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-47676 Source advisory: OSV:GHSA-2GCR-MFCQ-WCC3...

5.3CVSS5.4AI score0.0026EPSS

Exploits0

OSV•added 2026/05/12 9:16 p.m.•8 views

UBUNTU-CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS5.9AI score0.00465EPSS

Exploits0References3

OSV•added 2026/02/19 8:25 p.m.•5 views

DEBIAN-CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

7.8CVSS6.2AI score0.01107EPSS

Exploits1References1

Positive Technologies•added 2026/02/03 12:0 a.m.•4 views

PT-2026-6213

Name of the Vulnerable Software and Affected Versions Compressing versions 1.10.3 and prior Compressing version 2.0.0 Description Compressing, a compressing and uncompressing library for Node.js, does not validate symbolic link targets when extracting TAR archives. This allows an attacker to embe...

8.4CVSS5.7AI score0.00334EPSS

Exploits1References16

vulnersOsv•added 2026/01/21 3:41 p.m.•4 views

@aexol/opencode-tui (>=0.2.5 <=0.2.10), @alcyone-labs/arg-parser (>=2.11.0 <=2.13.4) +88 more potentially affected by CVE-2026-23736 via seroval (>=1.0.7 <=1.3.2)

seroval NPM version =1.0.7, =0.2.5, =2.11.0, =1.0.0, =1.0.0, =1.1.54, =1.1.54, =1.0.24, =0.1.0, =0.3.0, =1.0.0, =1.1.1 and more Source cves: CVE-2026-23736 Source advisory: SNYK:JS-SEROVAL-15054523...

9.8CVSS5.8AI score0.00246EPSS

Exploits0

vulnersOsv•added 2026/01/13 9:51 p.m.•5 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @any-code/agent (>=0.0.1 <=0.0.16) +125 more potentially affected by CVE-2026-22817 via hono (>=4.0.0 <=4.11.3)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.2, =1.0.0, =4.0.0-alpha.28, =0.4.6, =1.1.54, =1.1.54, =1.1.55 and more Source cves: CVE-2026-22817 Source advisory: SNYK:JS-HONO-14927374...

8.2CVSS5.3AI score0.00141EPSS

Exploits0

RedhatCVE•added 2025/12/31 5:42 p.m.•3 views

CVE-2025-15284

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

8.7CVSS5.9AI score0.0041EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-14282

Malicious code in bioql PyPI...

6.4CVSS6.3AI score0.00204EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-1440

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00551EPSS

Exploits0References4

OSV•added 2025/09/11 4:48 p.m.•3 views

CLSA-2025-1757609292 nodejs: Fix of CVE-2024-22025

CVE-2024-22025: fix resource exhaustion DoS vulnerability in fetch function...

6.5CVSS6.9AI score0.01309EPSS

Exploits0References1

OSV•added 2025/08/14 6:52 p.m.•3 views

MAL-2025-27077 Malicious code in nanotechnology-nodejs-library-nodemon (npm)

The package nanotechnology-nodejs-library-nodemon was found to contain malicious code...

7.2AI score

Exploits0

RedhatCVE•added 2025/05/13 12:29 a.m.•5 views

CVE-2025-47828