The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Node Modules ~ not comprehensive

Node.js bl: information disclosure
A local attacker can read a memory fragment of Node.js bl, in order to obtain sensitive information...
CVE-2020-8244, NPM-1555, VIGILANCE-VUL-33278
Node.js elliptic: information disclosure via ECDSA Signature Malleability
An attacker can bypass access restrictions to data via ECDSA Signature Malleability of Node.js elliptic, in order to obtain sensitive information...
CVE-2020-13822, NPM-1547, VIGILANCE-VUL-32975
Node.js npm-registry-fetch: information disclosure via Supports URLs
An attacker can bypass access restrictions to data via Supports URLs of Node.js npm-registry-fetch, in order to obtain sensitive information...
NPM-1544, VIGILANCE-VUL-32750
Node.js npm CLI: information disclosure via Supports URLs
An attacker can bypass access restrictions to data via Supports URLs of Node.js npm CLI, in order to obtain sensitive information...
NPM-1543, VIGILANCE-VUL-32749
Node.js jsrsasign: spoofing via Cryptographic Signature
An attacker can create spoofed data via Cryptographic Signature of Node.js jsrsasign, in order to deceive the victim...
NPM-1541, VIGILANCE-VUL-32612
Node.js sap-cloud-sdk/core: privilege escalation via verifyJwt
An attacker can bypass restrictions via verifyJwt() of Node.js sap-cloud-sdk/core, in order to escalate his privileges...
NPM-1540, VIGILANCE-VUL-32578
Node.js minimist: denial of service via Prototype Pollution
An attacker can trigger a fatal error via Prototype Pollution of Node.js minimist, in order to trigger a denial of service...
CVE-2020-7598, openSUSE-SU-2020:0802-1, RHSA-2020:2847-01, RHSA-2020:2848-01, RHSA-2020:2849-01, RHSA-2020:2852-01, RHSA-2020:2895-01, RHSA-2020:3042-01, RHSA-2020:3084-01, SUSE-SU-2020:1623-1, VIGILANCE-VUL-32538
Node.js apollo: information disclosure
An attacker can bypass access restrictions to data of Node.js apollo, in order to obtain sensitive information...
NPM-1525, NPM-1526, NPM-1527, NPM-1528, NPM-1529, NPM-1530, NPM-1531, NPM-1532, NPM-1533, NPM-1534, NPM-1535, NPM-1536, VIGILANCE-VUL-32460
Node.js bootstrap-select: Cross Site Scripting via title
An attacker can trigger a Cross Site Scripting via title of Node.js bootstrap-select, in order to run JavaScript code in the context of the web site...
NPM-1522, VIGILANCE-VUL-32311
Node.js kerberos: executing DLL code
An attacker can create a malicious DLL, and then put it in the current directory of Node.js kerberos, in order to execute code...
CVE-2020-13110, NPM-1514, VIGILANCE-VUL-32287
Our database contains other pages. You can request a free trial to read them.

Display information about Node Modules ~ not comprehensive: