The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Node Modules ~ not comprehensive

Node.js acorn: overload via Regular Expression
An attacker can trigger an overload via Regular Expression of Node.js acorn, in order to trigger a denial of service...
NPM-1488, VIGILANCE-VUL-31744
Node.js hapi/hoek: privilege escalation via Prototype Pollution
An attacker can bypass restrictions via Prototype Pollution of Node.js hapi/hoek, in order to escalate his privileges...
NPM-1468, VIGILANCE-VUL-31578
Node.js Yarn: file corruption via Package Install
A local attacker can create a symbolic link during the Package Install, in order to alter the pointed file, with privileges of Node.js Yarn...
CVE-2019-10773, FEDORA-2020-766ce5adae, VIGILANCE-VUL-31567
Node.js set-value: privilege escalation via Prototype Pollution
An attacker can bypass restrictions via Prototype Pollution of Node.js set-value, in order to escalate his privileges...
CVE-2019-10747, FEDORA-2020-1f1c94907b, FEDORA-2020-582515fa8a, VIGILANCE-VUL-31566
Node.js mixin-deep: privilege escalation via Prototype Pollution
An attacker can bypass restrictions via Prototype Pollution of Node.js mixin-deep, in order to escalate his privileges...
CVE-2019-10746, FEDORA-2020-4a8f110332, FEDORA-2020-f80e5c0d65, VIGILANCE-VUL-31565
Node.js cordova-plugin-inappbrowser: privilege escalation via gap-iab URI
An attacker can bypass restrictions via gap-iab URI of Node.js cordova-plugin-inappbrowser, in order to escalate his privileges...
NPM-1467, VIGILANCE-VUL-31482
Node.js klona: code execution via Prototype Pollution
An attacker can use a vulnerability via Prototype Pollution of Node.js klona, in order to run code...
NPM-1463, VIGILANCE-VUL-31426
Node.js parsel: information disclosure via Hardcoded Initialization Vector
An attacker can bypass access restrictions to data via Hardcoded Initialization Vector of Node.js parsel, in order to obtain sensitive information...
NPM-1460, NPM-1461, NPM-1462, VIGILANCE-VUL-31425
Node.js hapi/boom: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Node.js hapi/boom, in order to run JavaScript code in the context of the web site...
NPM-1459, VIGILANCE-VUL-31424
Node.js hot-formula-parser: code execution via Command Injection
An attacker can use a vulnerability via Command Injection of Node.js hot-formula-parser, in order to run code...
CVE-2020-6836, NPM-1439, VIGILANCE-VUL-31308
Our database contains other pages. You can request a free trial to read them.

Display information about Node Modules ~ not comprehensive: