CVE-2021-23388

The CVE-2021-23388 entry concerns the caolan/forms library and its email validation regex. Affected versions are before 1.2.1 and 1.3.0 through 1.3.2, where an insecure regular expression can cause a Regular Expression Denial of Service (ReDoS), potentially consuming significant CPU and slowing o...

CVE-2017-16015

CVE-2017-16015 affects the forms library (Node.js) where versions before 1.3.0 fail to properly escape HTML in generated forms, enabling cross-site scripting if input is not sanitized. The vulnerability stems from inadequate HTML escaping in the library’s form generation path. Impact is XSS in ap...