Lucene search
+L
NodejsMost viewed

1635 matches found

Node.js
Node.js
added 2018/12/21 8:4 p.m.14 views

Cross-Site Scripting

Overview Versions of mermaid prior to 8.2.3 are vulnerable to Cross-Site Scripting. If malicious input such as A"" is provided to the application, it will execute the code instead of rendering it as text due to improper output encoding. Recommendation Upgrade to version 8.2.3 or later References ...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/11/07 10:21 p.m.14 views

Command Injection

Overview Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor. Recommendation Update to version 1.3.5 or later. References - HackerOne Report - Node.js security-wg -...

7.5AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/11/07 9:55 p.m.14 views

Privilege Escalation

Overview Versions of express-cart before 1.1.6 are vulnerable to privilege escalation. This vulnerability can be exploited so that normal users can escalate their privilege and add new administrator users. Recommendation Update to version 1.1.6 or later. References - HackerOne Report - Node.js...

7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/08/09 6:53 p.m.14 views

Malicious Package

Overview All versions of soket.io are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation...

7.5AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:43 p.m.14 views

Malicious Package

Overview Version 8.4.3 of rc-calendar-jhorst contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 8.4.3 of this module is found...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:23 p.m.14 views

Malicious Package

Overview Version 1.0.6 of csstransformstep contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.6 of this module is found...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:14 p.m.14 views

Malicious Package

Overview Version 0.0.4 of blingjs contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.4 of this module is found installed you...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:11 p.m.14 views

Malicious Package

Overview Version 1.0.2 of awesomereactutility contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:7 p.m.14 views

Malicious Package

Overview Version 2.0.43 of another-date-picker contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 2.0.43 of this module is found...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:0 p.m.14 views

Malicious Package

Overview Version 0.0.9 of angular-bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.9 of this module is found installe...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2016/07/22 5:58 p.m.14 views

Cross-Site Scripting

Overview Affected versions of emojione are vulnerable to cross-site scripting when user input is passed into the toShort, shortnameToImage, unicodeToImage, and toImage functions. Recommendation Update to version 1.3.1 or later. References - Issue 61 - GitHub Advisory...

4AI score0.00713EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2020/06/24 9:40 p.m.13 views

Prototype Pollution

Overview Versions of json-logic-js prior to 2.0.0 are vulnerable to Prototype Pollution. The method operation allows a malicious user to modify the prototype of Object through the method property name. This causes modification of any existing property that will exist on all objects and leads to...

7.2AI score
Exploits0Affected Software1
Node.js
Node.js
added 2020/01/17 9:17 p.m.13 views

Cross-Site Scripting

Overview Versions of node-red prior to 0.20.8are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize the name field in new Flows, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 0.18.6 or later. References - HackerOne...

6.7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/12/26 7:59 p.m.13 views

Command Injection

Overview All versions of gitting are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The pull function is vulnerable through the branch variable. Recommendation No fix i...

7.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/12/11 5:18 p.m.13 views

Command Injection

Overview All versions of node-df are vulnerable to Command Injection. The package fails to sanitize filenames passed to the file option. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. Recommendation No fix is currently available. Consider using an...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.13 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/20 12:11 a.m.13 views

Sandbox Breakout / Prototype Pollution

Overview Versions of notevil prior to 1.3.3 are vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing attacker to add or modify an object's prototype. Evaluating the payload tryab;catchee.constructor.constructor'return...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/19 11:48 p.m.13 views

Prototype Pollution

Overview All versions of safe-object2 are vulnerable to prototype pollution. The settter function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/18 7:6 p.m.13 views

Arbitrary Code Execution

Overview Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a previo...

7.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/07 10:10 p.m.13 views

Malicious Package

Overview All versions of sj-tw-abc contain malicious code. The package downloads and runs a script that opens a reverse shell in the system. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:7 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.13 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:54 p.m.13 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:54 p.m.13 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:54 p.m.13 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.13 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.13 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/17 7:30 p.m.13 views

Cross-Site Scripting

Overview Versions of markdown-to-jsx prior to 6.11.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a...

6.7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/14 2:29 p.m.13 views

Cross-Site Scripting

Overview All versions of hexo-admin are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript in a victim's browser if they are able to create new posts. Recommendation No fix is currently available. Consider...

6.7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/02 6:10 p.m.13 views

Malicious Package

Overview Version 1.0.0 of require-port contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens ...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/09/20 11:3 p.m.13 views

Configuration Override

Overview Versions of helmet-csp before to 2.9.1 are vulnerable to a Configuration Override affecting the application's Content Security Policy CSP. The package's browser sniffing for Firefox deletes the default-src CSP policy, which is the fallback policy. This allows an attacker to remove an...

6.7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/09/06 6:41 p.m.13 views

Cross-Site Scripting

Overview Versions of vant prior to 2.1.8 are vulnerable to Cross-Site Scripting. The text value of the Picker component column is not sanitized, which may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 2.1.8 or later. References - GitHub...

7.2AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/09/06 6:23 p.m.13 views

Unintended Require

Overview All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/09/05 8:52 p.m.13 views

Regular Expression Denial of Service

Overview Versions of simple-markdown prior to 0.5.2 are vulnerable to Regular Expression Denial of Service ReDoS. The SimpleMarkdown.defaultInlineParse function has significantly degraded performance when parsing inline code blocks. Recommendation Upgrade to version 0.5.2 or later. References -...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/08/30 7:55 p.m.13 views

Malicious Package

Overview This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise. References GitHub Advisory...

6.7AI score
Exploits0Affected Software1
Total number of security vulnerabilities1635