Node.js third-party modules - HackerOne Reports
Total Reports: 307
Critical: 58
High: 116
Medium: 94
Low: 34
[angular-http-server] Path Traversal in angular-http-server.js allows to read arbitrary file from the remote server
Reported by: bl4de | Disclosed:
High
Weakness: Path Traversal
Server-side Template Injection in lodash.js
Reported by: zerohex | Disclosed:
High
Weakness: Code Injection
Prototype pollution attack (deap)
Reported by: holyvier | Disclosed:
Low
[crud-file-server] Path Traversal allows to read arbitrary file from the server
Reported by: bl4de | Disclosed:
Medium
Weakness: Path Traversal
Prototype pollution attack (Hoek)
Reported by: holyvier | Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
Prototype pollution attack (merge-objects)
Reported by: holyvier | Disclosed:
Medium
Prototype pollution attack (lodash)
Reported by: holyvier | Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
[general-file-server] Path Traversal vulnerability allows to read content on arbitrary file on the server
Reported by: bl4de | Disclosed:
High
Weakness: Path Traversal
Prototype pollution attack (defaults-deep)
Reported by: holyvier | Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
[file-static-server] Path Traversal allows to read content of arbitrary file on the server
Reported by: bl4de | Disclosed:
Low
Weakness: Path Traversal
[glance] Stored XSS via file name allows to run arbitrary JavaScript when directory listing is displayed in browser
Reported by: bl4de | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Prototype pollution attack (assign-deep)
Reported by: holyvier | Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
Prototype pollution attack (merge-deep)
Reported by: holyvier | Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
[public] Stored XSS in filenames in directory served by public
Reported by: bl4de | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Stored
Server Side Request Forgery in Uppy npm module
Reported by: 3sl4m-s4l3m | Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
[simplehttpserver] List any file in the folder by using path traversal.
Reported by: n0n4me | Disclosed:
High
Weakness: Path Traversal
[chart.js] Prototype pollution
Reported by: asgerf | Disclosed:
Low
Weakness: Modification of Assumed-Immutable Data (MAID)
Command injection in 'pdf-image'
Reported by: defmax | Disclosed:
Medium
Weakness: Command Injection - Generic
[klona] Prototype pollution
Reported by: skyn3t | Disclosed:
Critical
[crud-file-server] Stored XSS in filenames when directory index is served by crud-file-server
Reported by: bl4de | Disclosed:
Critical
Weakness: Cross-site Scripting (XSS) - Stored