The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Node Modules ~ not comprehensive

Node.js socket.io: information disclosure via CORS Misconfiguration
An attacker can bypass access restrictions to data via CORS Misconfiguration of Node.js socket.io, in order to obtain sensitive information...
NPM-1609, VIGILANCE-VUL-34642
Node.js gsap: read-write access via Prototype Pollution
An attacker can bypass access restrictions via Prototype Pollution of Node.js gsap, in order to read or alter data...
NPM-1608, VIGILANCE-VUL-34641
Node.js jointjs: read-write access via Prototype Pollution
An attacker can bypass access restrictions via Prototype Pollution of Node.js jointjs, in order to read or alter data...
NPM-1607, VIGILANCE-VUL-34640
Node.js hellojs: Cross Site Scripting via oauth_redirect
An attacker can trigger a Cross Site Scripting via oauth_redirect of Node.js hellojs, in order to run JavaScript code in the context of the web site...
NPM-1606, VIGILANCE-VUL-34639
Node.js ts-process-promises: code execution via Command Injection
An attacker can use a vulnerability via Command Injection of Node.js ts-process-promises, in order to run code...
NPM-1604, VIGILANCE-VUL-34638
Node.js jquery-validation: overload via Regular Expression
An attacker can trigger an overload via Regular Expression of Node.js jquery-validation, in order to trigger a denial of service...
CVE-2021-21252, GHSA-jxwx-85vp-gvwm, NPM-1605, NTAP-20210219-0005, OSA-2021-06, VIGILANCE-VUL-34637
Node.js immer: privilege escalation via Prototype Pollution
An attacker can bypass restrictions via Prototype Pollution of Node.js immer, in order to escalate his privileges...
NPM-1603, VIGILANCE-VUL-34633
Node.js buns: code execution via Command Injection
An attacker can use a vulnerability via Command Injection of Node.js buns, in order to run code...
NPM-1602, VIGILANCE-VUL-34632
Node.js tinymce: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Node.js tinymce, in order to run JavaScript code in the context of the web site...
NPM-1601, VIGILANCE-VUL-34631
Node.js systeminformation: privilege escalation via Prototype Pollution
An attacker can bypass restrictions via Prototype Pollution of Node.js systeminformation, in order to escalate his privileges...
6410882, CERTFR-2021-AVI-101, CVE-2020-7778, VIGILANCE-VUL-34521
Our database contains other pages. You can request a free trial to read them.

Display information about Node Modules ~ not comprehensive: