The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Node Modules ~ not comprehensive

Node.js xml-crypto: bypassing signature check
An attacker can make Node.js xml-crypto accept a message authentication code instead of a signature, in order to escalate his privileges...
NPM-1583, VIGILANCE-VUL-33980
Node.js jquery: Cross Site Scripting via Script Whitespace
An attacker can trigger a Cross Site Scripting via Script Whitespace of Node.js jquery, in order to run JavaScript code in the context of the web site...
6367943, CVE-2020-7656, NTAP-20200528-0001, VIGILANCE-VUL-33950
Node.js semantic-release: information disclosure via Secrets
An attacker can bypass access restrictions to data via Secrets of Node.js semantic-release, in order to obtain sensitive information...
NPM-1582, VIGILANCE-VUL-33941
Node.js scratch-svg-renderer: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Node.js scratch-svg-renderer, in order to run JavaScript code in the context of the web site...
NPM-1575, VIGILANCE-VUL-33860
Node.js object-path: read-write access via Prototype Pollution
An attacker can bypass access restrictions via Prototype Pollution of Node.js object-path, in order to read or alter data...
NPM-1573, VIGILANCE-VUL-33625
Node.js npm-user-validate: overload via Regular Expression
An attacker can trigger an overload via Regular Expression of Node.js npm-user-validate, in order to trigger a denial of service...
NPM-1572, VIGILANCE-VUL-33621
Node.js dot-prop: read-write access via Prototype Pollution
An attacker can bypass access restrictions via Prototype Pollution of Node.js dot-prop, in order to read or alter data...
CVE-2020-8116, RHSA-2020:4272-01, RHSA-2020:4903-01, RHSA-2020:5086-01, VIGILANCE-VUL-33618
Node.js nats: information disclosure
An attacker can bypass access restrictions to data of Node.js nats, in order to obtain sensitive information...
NPM-1567, VIGILANCE-VUL-33530
Node.js jison: code execution via Command Injection
An attacker can use a vulnerability via Command Injection of Node.js jison, in order to run code...
NPM-1566, VIGILANCE-VUL-33529
Node.js next: open redirect
An attacker can deceive the user of Node.js next, in order to redirect him to a malicious site...
NPM-1565, VIGILANCE-VUL-33528
Our database contains other pages. You can request a free trial to read them.

Display information about Node Modules ~ not comprehensive: