Node.js third-party modules - HackerOne Reports
Total Reports: 307
Critical: 58
High: 116
Medium: 94
Low: 34
Prototype pollution attack (lodash / constructor.prototype)
Reported by: asgerf | Disclosed:
Severity: High
Weakness: Uncontrolled Resource Consumption
Prototype pollution attack (defaults-deep / constructor.prototype)
Reported by: asgerf | Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption
Remote code execution in NPM package getcookies
Reported by: tiblu | Disclosed:
Severity: Critical
Weakness: Code Injection
Arbitrary code execution via untrusted schemas in is-my-json-valid
Reported by: chalker | Disclosed:
Severity: Medium
Weakness: Code Injection
[socket.io] Cross-Site Websocket Hijacking
Reported by: sh1yo | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)
[zenn-cli] Path traversal on Windows allows the attacker to read arbitrary .md files
Reported by: ryotak | Disclosed:
Severity: Low
Weakness: Path Traversal
[is-my-json-valid] ReDoS via 'style' format
Reported by: chalker | Disclosed:
Severity: High
Weakness: Uncontrolled Resource Consumption
Prototype pollution attack (lodash)
Reported by: macasun | Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption
[json8-merge-patch] Prototype Pollution
Reported by: gkmr | Disclosed:
Severity: High
Weakness: Modification of Assumed-Immutable Data (MAID)
[ts-dot-prop] Prototype Pollution
Reported by: prathis | Disclosed:
Severity: Medium
[listening-processes] Command Injection
Reported by: notpwnguy | Disclosed:
Severity: Critical
Weakness: OS Command Injection
[larvitbase-api] Unintended Require
Reported by: ermilov | Disclosed:
Severity: Medium
Weakness: Remote File Inclusion
Prototype pollution attack (merge.recursive)
Reported by: asgerf | Disclosed:
Severity: Low
Weakness: Uncontrolled Resource Consumption
Prototype pollution attack (extend)
Reported by: asgerf | Disclosed:
Severity: Critical
Weakness: Uncontrolled Resource Consumption
Stored XSS in scrape-metadata when reading metadata from an HTML page
Reported by: johnssimon007 | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
[json-bigint] DoS via `__proto__` assignment
Reported by: chalker | Disclosed:
Severity: High
Weakness: Uncontrolled Resource Consumption
[metascraper] Stored XSS in Open Graph meta properties read by metascraper
Reported by: bl4de | Disclosed:
Severity: Critical
Weakness: Cross-site Scripting (XSS) - Stored
[simplehttpserver] Stored XSS in file names leads to malicious JavaScript code execution when directory listing is output in HTML
Reported by: bl4de | Disclosed:
Severity: Critical
Weakness: Cross-site Scripting (XSS) - Stored
[node-srv] Path Traversal allows to read arbitrary files from remote server
Reported by: bl4de | Disclosed:
Severity: High
Weakness: Path Traversal
[crud-file-server] Stored XSS in filenames when directory index is served by crud-file-server
Reported by: bl4de | Disclosed:
Severity: Critical
Weakness: Cross-site Scripting (XSS) - Stored