Node.js third-party modules - HackerOne Reports
Total Reports: 307
Critical: 58
High: 116
Medium: 94
Low: 34
[crud-file-server] Stored XSS in filenames when directory index is served by crud-file-server
Reported by:
bl4de
|
Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Stored
[query-mysql] SQL Injection due to lack of user input sanitization allows to run arbitrary SQL queries when fetching data from database
Reported by:
bl4de
|
Disclosed:
Critical
Weakness: SQL Injection
Remote Command Execution vulnerability in pullit
Reported by:
lirantal
|
Disclosed:
Critical
Weakness: Command Injection - Generic
[tree-kill] RCE via insecure command concatenation (only Windows)
Reported by:
mik317
|
Disclosed:
High
Weakness: Code Injection
[public] Stored XSS in the filename when directories listing
Reported by:
tungpun
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Bypass to defective fix of Path Traversal
Reported by:
caioluders
|
Disclosed:
High
Weakness: Path Traversal
[glance] Access unlisted internal files/folders revealing sensitive information
Reported by:
skyn3t
|
Disclosed:
High
Weakness: Information Exposure Through Directory Listing
[takeapeek] XSS via HTML tag injection in directory listing page
Reported by:
skyn3t
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
[dy-server2] - stored Cross-Site Scripting
Reported by:
tuo4n8
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Stored XSS in Node-Red
Reported by:
misterch0c
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Pixel flood attack cause the javascript heap out of memory
Reported by:
mayaseven
|
Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Command Injection Vulnerability in libnmap Package
Reported by:
cris_semmle
|
Disclosed:
Medium
Weakness: Command Injection - Generic
Prototype Pollution Vulnerability in mpath Package
Reported by:
cris_semmle
|
Disclosed:
High
Command Injection in ps Package
Reported by:
cris_semmle
|
Disclosed:
Medium
Weakness: Command Injection - Generic
Code Injection Vulnerability in dot Package
Reported by:
cris_semmle
|
Disclosed:
High
Weakness: Code Injection
Fastify denial-of-service vulnerability with large JSON payloads
Reported by:
nwoltman
|
Disclosed:
Critical
Weakness: Uncontrolled Resource Consumption
Prototype pollution in multipart parsing
Reported by:
mcollina
|
Disclosed:
Critical
Weakness: Uncontrolled Resource Consumption
[zenn-cli] Path traversal on Windows allows the attacker to read arbitrary .md files
Reported by:
ryotak
|
Disclosed:
Low
Weakness: Path Traversal
[crud-file-server] Path Traversal allows to read arbitrary file from the server
Reported by:
bl4de
|
Disclosed:
Medium
Weakness: Path Traversal
[general-file-server] Path Traversal vulnerability allows to read content on arbitrary file on the server
Reported by:
bl4de
|
Disclosed:
High
Weakness: Path Traversal