Node.js Security Vulnerabilities and Issues — Node.js CVE List | Vulners.com

Lucene search

K

NodejsNode.js

7 matches found

CVE•added 2017/01/23 9:59 p.m.•52 views

CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

7.8CVSS7.1AI score0.01023EPSS

CVE•added 2017/01/23 9:59 p.m.•51 views

CVE-2015-8860

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

7.5CVSS7.3AI score0.00365EPSS

CVE•added 2017/01/23 9:59 p.m.•50 views

CVE-2013-7453

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.

6.1CVSS5.9AI score0.00655EPSS

CVE•added 2017/01/23 9:59 p.m.•46 views

CVE-2013-7451

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.

6.1CVSS6AI score0.00768EPSS

CVE•added 2017/01/23 9:59 p.m.•42 views

CVE-2014-9772

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.

6.1CVSS6.1AI score0.00602EPSS

CVE•added 2017/01/23 9:59 p.m.•41 views

CVE-2013-7454

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.

6.1CVSS6AI score0.00655EPSS

CVE•added 2017/01/23 9:59 p.m.•35 views

CVE-2013-7452

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.

6.1CVSS5.9AI score0.00676EPSS