Lucene search
+L
NodejsMost viewed

1635 matches found

Node.js
Node.js
added 2019/08/30 7:55 p.m.12 views

Malicious Package

Overview This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise. References GitHub Advisory...

6.7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/08/30 7:55 p.m.12 views

Malicious Package

Overview This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise. References GitHub Advisory...

6.7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/08/05 9:27 p.m.12 views

Denial of Service

Overview Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/22 2:21 p.m.12 views

Authentication Bypass

Overview Versions of otpauth prior to 3.2.8 are vulnerable to Authentication Bypass. The package's totp.validate function may return positive values for single digit tokens even if they are invalid. This may allow attackers to bypass the OTP authentication by providing single digit tokens...

7.2AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/17 9:37 p.m.12 views

Cross-Site Scripting

Overview Versions of bpmn-js-properties-panel prior to 0.31.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation Upgrade to version 0.31...

6.2AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/15 5:38 p.m.12 views

Prototype Pollution

Overview Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to Prototype Pollution. The function 'defaultsDeep' may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects. Recommendati...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/12 10:13 p.m.12 views

Malicious Package

Overview All versions of retcodelog contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on th...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/12 10:13 p.m.12 views

Malicious Package

Overview All versions of node-buc contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/12 10:10 p.m.12 views

Malicious Package

Overview All versions of diamond-clien contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/10 8:39 p.m.12 views

Malicious Package

Overview All versions of only-test-not-install contain malicious code. The package deletes the folder /test from the system as a postinstall script. Recommendation Remove the package from your environment. There are no further signs of compromise. References GitHub Advisory...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/17 7:10 p.m.12 views

Cross-Site Scripting

Overview Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize user input on the Contact Us page, allowing attackers to submit contact forms with malicious JavaScript in the message field. The output is not properly encoded leading an admin...

6.5AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/10 7:9 p.m.12 views

Command Injection

Overview All versions of expressfs are vulnerable to Command Injection. The package does not validate user input on several API endpoints, allowing attackers to run arbitrary commands in the system. The affected endpoints are: expressfs.appendFile, expressfs.cp, expressfs.create and...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/07 7:30 p.m.12 views

Malicious Package

Overview Version 0.1.7 of scroool contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evalua...

7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/03 3:18 p.m.12 views

Malicious Package

Overview Version 2.2.0 of logsymbles contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/03 2:34 p.m.12 views

Malicious Package

Overview All versions of hulp contain malicious code as a preinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation Any computer that has this package installed or running should be considered fully compromised. All...

7.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:43 p.m.12 views

Malicious Package

Overview All versions of carloprojectdiscord contain obfuscated malware that uploads Discord user tokens to a remote server. This allows attackers to make purchases on behalf of users if they have credit cards linked to their Discord accounts. Recommendation Remove the package from your...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:6 p.m.12 views

Malicious Package

Overview All versions of asnyc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:3 p.m.12 views

Malicious Package

Overview All versions of asynnc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:2 p.m.12 views

Malicious Package

Overview All versions of asinc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:1 p.m.12 views

Malicious Package

Overview All versions of jajajejejiji typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/04/10 5:9 p.m.12 views

Unauthorized File Access

Overview Versions of glance prior to 3.0.7 are vulnerable to Unauthorized File Access. The package provides a --nodot option meant to hide files and directories with names that begin with a ., such as .git but fails to hide files inside a folder that begins with .. Recommendation Upgrade to versi...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/01/30 12:33 a.m.12 views

Arbitrary File Overwrite

Overview Vulnerable versions of decompress-zip are affected by the Zip-Slip vulnerability, an arbitrary file write vulnerability. The vulnerability occurs because decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory. Recommendation...

7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/01/25 7:52 p.m.12 views

Remote Code Execution

Overview All versions of pivideorecording are vulnerable to Remote Code Execution. Due to insufficient input validation the server executes arbitrary code through the /api/record/start endpoint. After running the server, curl -POST -H "Content-Type: application/json" -d '"filename": " || touch...

7.7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/01/09 10:0 p.m.12 views

Malicious Package

Overview All versions of commander-js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads an arbitrary file and executes its contents as a post-install script...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 11:30 p.m.12 views

Malicious Package

Overview Version 0.0.6 of freshdom contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.6 of this module is found installed yo...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.11 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.11 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.11 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.11 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.11 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.11 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.11 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.11 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/15 6:28 p.m.11 views

Malicious Package

Overview All versions of malicious-npm-package contain malicious code. The malware targets Windows systems. It runs a powershell command that downloads an executable file from a remote server and runs it. Recommendation Any computer that has this package installed or running should be considered...

7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/07 1:55 p.m.11 views

Malicious Package

Overview All versions of sj-tw-sec contain malicious code. The package downloads and runs a script that opens a reverse shell in the system. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.11 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.11 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 6:6 p.m.11 views

Malicious Package

Overview Version 0.8.0 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:54 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:54 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:54 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:54 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/10/25 5:53 p.m.11 views

Malicious Package

Overview Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised. References GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/09/16 9:30 p.m.11 views

Denial of Service

Overview All versions of subtext are vulnerable to Denial of Service DoS. The package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may exhaust system...

7AI score
Exploits0Affected Software1
Total number of security vulnerabilities1635