11 matches found
EUVD-2022-6274
Malicious code in bioql PyPI...
Command Injection
xopen is vulnerable to command injection. The vulnerability exists in the xopen(filepath) function in index.js because the command execution implementation is not properly handled, which allows an attacker to inject and execute malicious commands...
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
A command injection vulnerability affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)...
GHSA-74WF-CWJG-9CF2 xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
A command injection vulnerability affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)...
CVE-2020-28447
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)...
Design/Logic Flaw
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)...
CVE-2020-28447 Command Injection
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)...
CVE-2020-28447
The CVE-2020-28447 entry corresponds to a command-injection vulnerability in the xopen npm package. Affected software: all versions of xopen. Root cause: in xopen(filepath) located in index.js, the code executes OS commands without proper sanitization (injection point at line 14). Impact: enables...
xopen command injection vulnerability
xopen is a package from Andrew Imm, an individual developer. It provides a very simple Promise API for opening files from Node on Windows, macOS and Linux. A security vulnerability exists in xopen that stems from a command injection point in the xopen(filepath) function in the index.j...
PT-2021-2030 · Xopen · Xopen
Name of the Vulnerable Software and Affected Versions: xopen versions all. Description: The issue is related to a command injection vulnerability in the xopen(filepath) function. This vulnerability exists due to the lack of neutralization of special elements used in the operating system command...
Command Injection
Overview: xopen is a package that provides a dead-simple Promise API for opening files from Node on Windows, macOS, and Linux. Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 14 in index.js in the exported function xopen(filepath). PoC: va...