33 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@asyncapi/cli (>=2.5.0 <=4.1.1), @asyncapi/generator (>=2.1.3 <=2.11.0) +3 more potentially affected by unknown CVE via @asyncapi/nunjucks-filters (=2.1.0)
@asyncapi/nunjucks-filters NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nunjucks-filters and may be impacted: - @asyncapi/cli =2.5.0, =2.1.3, =2.1.4, =0.1.0, =0.1.469 - nestjs-asyncapi =2.0.1 Source cves: unknown CVE...
EUVD-2025-198696
Malicious code in @asyncapi/nunjucks-filters npm...
MAL-2025-190662 Malicious code in @asyncapi/nunjucks-filters (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51137a75fbced2a0515e71df0b97baf386e784c2eb5134c77ed77afdcb48fe34 The package @asyncapi/nunjucks-filters was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191161 Malicious code in ginfuru.better-nunjucks (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c1f105a5bf6daf41b694f7cc339589ac86e57964dd2f761bc04b8ea20fe70ae8 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
EUVD-2018-0746
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-2142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two...
CVE-2023-2142
A flaw was found in Nunjucks versions prior to 3.2.4. This vulnerability can allow attackers to inject cross-site scripting (XSS) payloads by bypassing the autoescape functionality, using a backslash (\) character when two user-controlled parameters are on the same line in the views...
CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
DEBIAN-CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
UBUNTU-CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
CVE-2023-2142 Nunjucks autoescape bypass leads to cross site scripting
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
Nunjucks security vulnerability
Nunjucks is a full-featured JavaScript template engine from the Mozilla Foundation. A security vulnerability exists in Nunjucks versions prior to v3.2.4, which stems from the ability to bypass restrictions provided by the auto-escaping feature, allowing an attacker to inject cross-site scripting...
Malicious code in themes-nunjucks-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 06e52365ba2a31a6a5b42155ec0c00fcfe7567016e44255acd479ed14c87ddd4 The OpenSSF Package Analysis project identified 'themes-nunjucks-service' @ 1.2.0 npm as malicious. It is considered malicious because: - The...
Cross-Site Scripting (XSS)
nunjucks is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by a bypass of the HTML autoescape functionality when there are two user-controlled parameters on the same line of a template, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
3loc (>=0.1.0 <=0.4.0), @accordproject/cicero-cli (>=0.3.4 <=0.20.11-20200413151148) +986 more potentially affected by CVE-2023-2142 via nunjucks (>=0.1.10 <=3.2.3)
nunjucks NPM version =0.1.10, =0.1.0, =0.3.4, =0.3.12-20180525105709, =0.3.4, =0.3.4, =0.11.2-20190326183124, =0.0.5, =0.1.0, =1.1.0-301, =1.3.2, =2.0.0, =0.0.5, =1.2.0, =1.4.0 - @asephermann/capacitor-filechooser =0.0.1 and more Source cves: CVE-2023-2142 Source advisory: OSV:GHSA-X77J-W7WF-FJMW...