Max CVSS: 9.3 | Min CVSS: 1.9 | Total Count: 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2020-8277 5.0
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number
20-10-2021 - 11:15 19-11-2020 - 01:15
CVE-2019-16775 4.0
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the
20-10-2021 - 11:15 13-12-2019 - 01:15
CVE-2020-11080 5.0
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e
17-10-2021 - 08:15 03-06-2020 - 23:15
CVE-2020-8174 9.3
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
07-10-2021 - 17:15 24-07-2020 - 22:15
CVE-2020-7774 7.5
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
21-07-2021 - 11:39 17-11-2020 - 13:15
CVE-2020-7598 6.8
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
21-07-2021 - 11:39 11-03-2020 - 23:15
CVE-2020-7608 4.6
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
21-07-2021 - 11:39 16-03-2020 - 20:15
CVE-2020-15366 6.8
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended agains
21-07-2021 - 11:39 15-07-2020 - 20:15
CVE-2020-10531 6.8
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
21-07-2021 - 11:39 12-03-2020 - 19:15
CVE-2020-8172 5.8
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
20-07-2021 - 23:15 08-06-2020 - 14:15
CVE-2019-15605 7.5
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
20-07-2021 - 23:15 07-02-2020 - 15:15
CVE-2019-15606 7.5
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
20-07-2021 - 23:15 07-02-2020 - 15:15
CVE-2019-15604 5.0
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
20-07-2021 - 23:15 07-02-2020 - 15:15
CVE-2020-15095 1.9
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and
11-01-2021 - 11:15 07-07-2020 - 19:15
CVE-2020-8201 5.8
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit
11-01-2021 - 11:15 18-09-2020 - 21:15
CVE-2020-8252 4.6
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
13-12-2020 - 04:15 18-09-2020 - 21:15
CVE-2019-16777 5.5
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and cre
09-10-2020 - 13:36 13-12-2019 - 01:15
CVE-2019-16776 5.5
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field wou
07-10-2020 - 16:49 13-12-2019 - 01:15
CVE-2020-8252 7.5
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
30-09-2020 - 20:15 18-09-2020 - 21:15
CVE-2020-8201 6.4
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit
29-09-2020 - 18:28 18-09-2020 - 21:15
CVE-2020-8116 7.5
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
10-09-2020 - 15:16 04-02-2020 - 20:15