Node.js third-party modules - HackerOne Reports
Total Reports: 307 | Critical: 58 | High: 116 | Medium: 94 | Low: 34
[crud-file-server] Stored XSS in filenames when directory index is served by crud-file-server
Reported by: bl4de | Disclosed:
Severity: Critical
Weakness: Cross-site Scripting (XSS) - Stored

[query-mysql] SQL Injection due to lack of user input sanitization allows running arbitrary SQL queries when fetching data from database
Reported by: bl4de | Disclosed:
Severity: Critical
Weakness: SQL Injection

Remote Command Execution vulnerability in pullit
Reported by: lirantal | Disclosed:
Severity: Critical
Weakness: Command Injection - Generic

[dy-server2] Stored Cross-Site Scripting
Reported by: tuo4n8 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored

[tree-kill] RCE via insecure command concatenation (Windows only)
Reported by: mik317 | Disclosed:
Severity: High
Weakness: Code Injection

[public] Stored XSS in the filename when listing directories
Reported by: tungpun | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic

Bypass to defective fix of Path Traversal
Reported by: caioluders | Disclosed:
Severity: High
Weakness: Path Traversal

[glance] Access unlisted internal files/folders revealing sensitive information
Reported by: skyn3t | Disclosed:
Severity: High
Weakness: Information Exposure Through Directory Listing

[takeapeek] XSS via HTML tag injection in directory listing page
Reported by: skyn3t | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored

Stored XSS in Node-Red
Reported by: misterch0c | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored

Pixel flood attack causes the JavaScript heap to run out of memory
Reported by: mayaseven | Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption

Prototype Pollution Vulnerability in mpath Package
Reported by: cris_semmle | Disclosed:
Severity: High

[bower] Arbitrary File Write through improper validation of symlinks during package extraction
Reported by: skyn3t | Disclosed:
Severity: High
Weakness: Path Traversal

[serve] Directory index of arbitrary folder available due to lack of sanitization of %2e and %2f characters in URL
Reported by: bl4de | Disclosed:
Severity: Critical
Weakness: Path Traversal

[last-commit-log] Command Injection
Reported by: bilk0h | Disclosed:
Severity: High
Weakness: Command Injection - Generic

`stringstream` allocates uninitialized Buffers when a number is passed in the input stream on Node.js 4.x and below
Reported by: chalker | Disclosed:
Severity: Medium
Weakness: Out-of-bounds Read

`put` allocates uninitialized Buffers when non-round numbers are passed in input
Reported by: chalker | Disclosed:
Severity: Low
Weakness: Out-of-bounds Read

`atob` allocates uninitialized Buffers when a number is passed in input on Node.js 4.x and below
Reported by: chalker | Disclosed:
Severity: Medium
Weakness: Out-of-bounds Read

`utile` allocates uninitialized Buffers when a number is passed in input
Reported by: chalker | Disclosed:
Severity: Low
Weakness: Out-of-bounds Read

`base64url` allocates uninitialized Buffers when a number is passed in input on Node.js 4.x and below
Reported by: chalker | Disclosed:
Severity: High
Weakness: Out-of-bounds Read
Page 1 of 16