| cryptiles |
CVE-2018-1000620 |
严重 |
3.1.2 |
>=4.1.2 |
nodejs-cryptiles: Insecure randomness causes the randomDigits() function returns a pseudo-random data string biased to certain digits
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000620
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-07-09 20:29 修改: 2023-03-31 20:15
|
| deep-extend |
CVE-2018-3750 |
严重 |
0.4.2 |
0.5.1 |
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3750
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-07-03 21:29 修改: 2018-08-23 13:12
|
| deep-extend |
CVE-2018-3750 |
严重 |
0.4.2 |
0.5.1 |
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3750
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-07-03 21:29 修改: 2018-08-23 13:12
|
| https-proxy-agent |
CVE-2018-3739 |
严重 |
2.1.0 |
2.2.0 |
nodejs-https-proxy-agent: Unsanitized options passed to Buffer() allow for denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3739
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-06-07 02:29 修改: 2019-10-09 23:40
|
| https-proxy-agent |
CVE-2018-3739 |
严重 |
2.1.0 |
2.2.0 |
nodejs-https-proxy-agent: Unsanitized options passed to Buffer() allow for denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3739
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-06-07 02:29 修改: 2019-10-09 23:40
|
| json-schema |
CVE-2021-3918 |
严重 |
0.2.3 |
0.4.0 |
nodejs-json-schema: Prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3918
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-11-13 09:15 修改: 2023-02-03 19:15
|
| json-schema |
CVE-2021-3918 |
严重 |
0.2.3 |
0.4.0 |
nodejs-json-schema: Prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3918
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-11-13 09:15 修改: 2023-02-03 19:15
|
| lodash |
CVE-2019-10744 |
严重 |
3.10.1 |
4.17.12 |
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10744
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-07-26 00:15 修改: 2024-01-21 02:45
|
| lodash |
CVE-2019-10744 |
严重 |
3.10.1 |
4.17.12 |
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10744
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-07-26 00:15 修改: 2024-01-21 02:45
|
| lodash |
CVE-2019-10744 |
严重 |
4.17.11 |
4.17.12 |
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10744
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-07-26 00:15 修改: 2024-01-21 02:45
|
| lodash |
CVE-2019-10744 |
严重 |
4.17.11 |
4.17.12 |
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10744
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-07-26 00:15 修改: 2024-01-21 02:45
|
| minimist |
CVE-2021-44906 |
严重 |
0.0.8 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
0.0.8 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
0.0.8 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
1.2.0 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
1.2.0 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
1.2.0 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| mixin-deep |
CVE-2019-10746 |
严重 |
1.3.1 |
1.3.2, 2.0.1 |
nodejs-mixin-deep: prototype pollution in function mixin-deep
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10746
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-08-23 17:15 修改: 2023-11-07 03:02
|
| mysql2 |
CVE-2024-21508 |
严重 |
1.6.1 |
3.9.4 |
mysql2: Remote Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21508
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-04-11 05:15 修改: 2024-04-11 12:47
|
| mysql2 |
CVE-2024-21511 |
严重 |
1.6.1 |
3.9.7 |
mysql2: Arbitrary Code Injection due to improper sanitization of the timezone parameter
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21511
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-04-23 05:15 修改: 2024-04-23 12:52
|
| nodemailer |
CVE-2020-7769 |
严重 |
4.6.8 |
6.4.16 |
This affects the package nodemailer before 6.4.16. Use of crafted reci ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7769
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-11-12 09:15 修改: 2021-07-21 11:39
|
| sequelize |
CVE-2019-10748 |
严重 |
4.38.1 |
3.35.1, 4.44.3, 5.8.11 |
SQL Injection in sequelize
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10748
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-10-29 19:15 修改: 2023-11-07 03:02
|
| sequelize |
CVE-2019-10752 |
严重 |
4.38.1 |
4.44.3, 5.15.1 |
SQL Injection in sequelize
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10752
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-10-17 19:15 修改: 2023-11-07 03:02
|
| sequelize |
CVE-2023-22578 |
严重 |
4.38.1 |
6.29.0 |
Sequelize - Default support for “raw attributes” when using parentheses
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22578
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-02-16 15:15 修改: 2023-03-03 19:23
|
| sequelize |
CVE-2023-22579 |
严重 |
4.38.1 |
6.28.1 |
Unsafe fall-through in getWhereConditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22579
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-02-16 15:15 修改: 2023-04-28 18:50
|
| sequelize |
CVE-2023-25813 |
严重 |
4.38.1 |
6.19.1 |
Sequelize vulnerable to SQL Injection via replacements
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25813
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-02-22 19:15 修改: 2023-03-03 02:04
|
| set-value |
CVE-2019-10747 |
严重 |
0.4.3 |
2.0.1, 3.0.1 |
nodejs-set-value: prototype pollution in function set-value
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10747
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-08-23 17:15 修改: 2023-11-07 03:02
|
| set-value |
CVE-2019-10747 |
严重 |
2.0.0 |
2.0.1, 3.0.1 |
nodejs-set-value: prototype pollution in function set-value
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10747
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-08-23 17:15 修改: 2023-11-07 03:02
|
| async |
CVE-2021-43138 |
高危 |
2.6.1 |
3.2.2, 2.6.4 |
async: Prototype Pollution in async
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43138
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-04-06 17:15 修改: 2024-06-21 19:15
|
| aws-sdk |
CVE-2020-28472 |
高危 |
2.315.0 |
2.814.0 |
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28472
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-01-19 11:15 修改: 2021-01-28 15:16
|
| https-proxy-agent |
NSWG-ECO-388 |
高危 |
2.1.0 |
>=2.2.0 |
Denial of Service
漏洞详情: https://hackerone.com/reports/319532
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| https-proxy-agent |
NSWG-ECO-388 |
高危 |
2.1.0 |
>=2.2.0 |
Denial of Service
漏洞详情: https://hackerone.com/reports/319532
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| ini |
CVE-2020-7788 |
高危 |
1.3.4 |
1.3.6 |
nodejs-ini: Prototype pollution via malicious INI file
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40
|
| ini |
CVE-2020-7788 |
高危 |
1.3.5 |
1.3.6 |
nodejs-ini: Prototype pollution via malicious INI file
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40
|
| ip |
CVE-2024-29415 |
高危 |
1.1.5 |
|
node-ip: Incomplete fix for CVE-2023-42282
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
|
| ip |
CVE-2024-29415 |
高危 |
1.1.5 |
|
node-ip: Incomplete fix for CVE-2023-42282
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
|
| axios |
CVE-2019-10742 |
高危 |
0.16.2 |
0.18.1 |
Axios up to and including 0.18.0 allows attackers to cause a denial of ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10742
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-05-07 19:29 修改: 2021-07-21 11:39
|
| axios |
CVE-2021-3749 |
高危 |
0.16.2 |
0.21.2 |
nodejs-axios: Regular expression denial of service in trim function
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3749
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-08-31 11:15 修改: 2023-11-07 03:38
|
| jsonwebtoken |
CVE-2022-23539 |
高危 |
8.3.0 |
9.0.0 |
jsonwebtoken: Unrestricted key type could lead to legacy keys usagen
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23539
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-12-23 00:15 修改: 2024-06-21 19:15
|
| kind-of |
CVE-2019-20149 |
高危 |
6.0.2 |
6.0.3 |
nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20149
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-12-30 19:15 修改: 2020-08-24 17:37
|
| body-parser |
CVE-2024-45590 |
高危 |
1.18.2 |
1.20.3 |
body-parser: Denial of Service Vulnerability in body-parser
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45590
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-09-10 16:15 修改: 2024-09-20 16:26
|
| body-parser |
CVE-2024-45590 |
高危 |
1.18.3 |
1.20.3 |
body-parser: Denial of Service Vulnerability in body-parser
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45590
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-09-10 16:15 修改: 2024-09-20 16:26
|
| lodash |
CVE-2018-16487 |
高危 |
3.10.1 |
>=4.17.11 |
lodash: Prototype pollution in utilities function
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-16487
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-02-01 18:29 修改: 2020-09-18 16:38
|
| lodash |
CVE-2018-16487 |
高危 |
3.10.1 |
>=4.17.11 |
lodash: Prototype pollution in utilities function
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-16487
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-02-01 18:29 修改: 2020-09-18 16:38
|
| lodash |
CVE-2020-8203 |
高危 |
3.10.1 |
4.17.19 |
nodejs-lodash: prototype pollution in zipObjectDeep function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8203
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-07-15 17:15 修改: 2024-01-21 02:37
|
| lodash |
CVE-2020-8203 |
高危 |
3.10.1 |
4.17.19 |
nodejs-lodash: prototype pollution in zipObjectDeep function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8203
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-07-15 17:15 修改: 2024-01-21 02:37
|
| lodash |
CVE-2021-23337 |
高危 |
3.10.1 |
4.17.21 |
nodejs-lodash: command injection via template
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
|
| lodash |
CVE-2021-23337 |
高危 |
3.10.1 |
4.17.21 |
nodejs-lodash: command injection via template
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
|
| braces |
CVE-2024-4068 |
高危 |
2.3.2 |
3.0.3 |
braces: fails to limit the number of characters it can handle
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-05-14 15:42 修改: 2024-07-03 02:07
|
| ansi-regex |
CVE-2021-3807 |
高危 |
3.0.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| lodash |
CVE-2020-8203 |
高危 |
4.17.11 |
4.17.19 |
nodejs-lodash: prototype pollution in zipObjectDeep function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8203
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-07-15 17:15 修改: 2024-01-21 02:37
|
| lodash |
CVE-2020-8203 |
高危 |
4.17.11 |
4.17.19 |
nodejs-lodash: prototype pollution in zipObjectDeep function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8203
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-07-15 17:15 修改: 2024-01-21 02:37
|
| lodash |
CVE-2021-23337 |
高危 |
4.17.11 |
4.17.21 |
nodejs-lodash: command injection via template
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
|
| lodash |
CVE-2021-23337 |
高危 |
4.17.11 |
4.17.21 |
nodejs-lodash: command injection via template
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
|
| lodash.merge |
GHSA-h726-x36v-rx45 |
高危 |
4.6.1 |
4.6.2 |
Prototype Pollution in lodash.merge
漏洞详情: https://github.com/advisories/GHSA-h726-x36v-rx45
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| decode-uri-component |
CVE-2022-38900 |
高危 |
0.2.0 |
0.2.1 |
decode-uri-component: improper input validation resulting in DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38900
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-11-28 13:15 修改: 2023-11-07 03:50
|
| decode-uri-component |
CVE-2022-38900 |
高危 |
0.2.0 |
0.2.1 |
decode-uri-component: improper input validation resulting in DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38900
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-11-28 13:15 修改: 2023-11-07 03:50
|
| ansi-regex |
CVE-2021-3807 |
高危 |
3.0.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| ansi-regex |
CVE-2021-3807 |
高危 |
3.0.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| dot-prop |
CVE-2020-8116 |
高危 |
4.2.0 |
4.2.1, 5.1.1 |
nodejs-dot-prop: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8116
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-02-04 20:15 修改: 2022-08-05 19:32
|
| dot-prop |
CVE-2020-8116 |
高危 |
4.2.0 |
4.2.1, 5.1.1 |
nodejs-dot-prop: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8116
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-02-04 20:15 修改: 2022-08-05 19:32
|
| dottie |
CVE-2023-26132 |
高危 |
2.0.0 |
2.0.4 |
Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26132
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-06-10 05:15 修改: 2023-11-07 04:09
|
| moment |
CVE-2022-24785 |
高危 |
2.22.2 |
2.29.2 |
Moment.js: Path traversal in moment.locale
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24785
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-04-04 17:15 修改: 2023-11-07 03:44
|
| moment |
CVE-2022-24785 |
高危 |
2.22.2 |
2.29.2 |
Moment.js: Path traversal in moment.locale
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24785
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-04-04 17:15 修改: 2023-11-07 03:44
|
| moment |
CVE-2022-31129 |
高危 |
2.22.2 |
2.29.4 |
moment: inefficient parsing algorithm resulting in DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31129
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-07-06 18:15 修改: 2023-11-07 03:47
|
| moment |
CVE-2022-31129 |
高危 |
2.22.2 |
2.29.4 |
moment: inefficient parsing algorithm resulting in DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31129
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-07-06 18:15 修改: 2023-11-07 03:47
|
| follow-redirects |
CVE-2022-0155 |
高危 |
1.5.8 |
1.14.7 |
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0155
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-01-10 20:15 修改: 2022-10-28 17:54
|
| fstream |
CVE-2019-13173 |
高危 |
1.0.11 |
1.0.12 |
nodejs-fstream: File overwrite in fstream.DirWriter() function
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-13173
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-07-02 20:15 修改: 2020-08-24 17:37
|
| mysql2 |
CVE-2024-21512 |
高危 |
1.6.1 |
3.9.8 |
mysql2: vulnerable to Prototype Pollution due to improper user input sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21512
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-05-29 05:16 修改: 2024-06-06 13:15
|
| hawk |
CVE-2022-29167 |
高危 |
6.0.2 |
9.0.1 |
hawk: REDoS in hawk.utils.parseHost() when parsing Host header
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29167
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-05-05 23:15 修改: 2023-07-21 16:42
|
| npm |
CVE-2018-7408 |
高危 |
5.6.0 |
5.7.1 |
Incorrect Permission Assignment for Critical Resource in NPM
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-02-22 18:29 修改: 2019-10-03 00:03
|
| npm |
CVE-2019-16775 |
高危 |
5.6.0 |
6.13.3 |
npm: Symlink reference outside of node_modules folder through the bin field upon installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| npm |
CVE-2019-16776 |
高危 |
5.6.0 |
6.13.3 |
npm: Arbitrary file write via constructed entry in the package.json bin field
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| npm |
CVE-2019-16777 |
高危 |
5.6.0 |
6.13.4 |
npm: Global node_modules Binary Overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| npm-user-validate |
CVE-2020-7754 |
高危 |
1.0.0 |
1.0.1 |
nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7754
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-10-27 15:15 修改: 2020-10-27 17:31
|
| path-to-regexp |
CVE-2024-45296 |
高危 |
0.1.7 |
1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
path-to-regexp: Backtracking regular expressions cause ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
|
| pug |
CVE-2021-21353 |
高危 |
2.0.3 |
3.0.1 |
pug: user provided objects as input to pug templates can achieve remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-03-03 02:15 修改: 2021-03-09 15:35
|
| pug-code-gen |
CVE-2021-21353 |
高危 |
2.0.1 |
2.0.3, 3.0.2 |
pug: user provided objects as input to pug templates can achieve remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-03-03 02:15 修改: 2021-03-09 15:35
|
| qs |
CVE-2022-24999 |
高危 |
6.5.1 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| qs |
CVE-2022-24999 |
高危 |
6.5.1 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| qs |
CVE-2022-24999 |
高危 |
6.5.2 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| redis |
CVE-2021-29469 |
高危 |
2.8.0 |
3.1.1 |
Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29469
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-04-23 18:15 修改: 2022-08-03 10:23
|
| semver |
CVE-2022-25883 |
高危 |
5.3.0 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| semver |
CVE-2022-25883 |
高危 |
5.4.1 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| semver |
CVE-2022-25883 |
高危 |
5.5.0 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| semver |
CVE-2022-25883 |
高危 |
5.5.1 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| semver |
CVE-2022-25883 |
高危 |
5.5.1 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| hoek |
CVE-2020-36604 |
高危 |
4.2.0 |
|
hapi/hoek: Prototype Pollution in @hapi/hoek
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36604
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-09-23 06:15 修改: 2023-11-07 03:22
|
| http-cache-semantics |
CVE-2022-25881 |
高危 |
3.8.0 |
4.1.1 |
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25881
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2023-01-31 05:15 修改: 2023-11-07 03:44
|
| http-cache-semantics |
CVE-2022-25881 |
高危 |
3.8.0 |
4.1.1 |
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25881
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2023-01-31 05:15 修改: 2023-11-07 03:44
|
| http-proxy-agent |
GHSA-8w57-jfpm-945m |
高危 |
2.0.0 |
2.1.0 |
Denial of Service in http-proxy-agent
漏洞详情: https://github.com/advisories/GHSA-8w57-jfpm-945m
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| http-proxy-agent |
GHSA-8w57-jfpm-945m |
高危 |
2.0.0 |
2.1.0 |
Denial of Service in http-proxy-agent
漏洞详情: https://github.com/advisories/GHSA-8w57-jfpm-945m
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| http-proxy-agent |
NSWG-ECO-402 |
高危 |
2.0.0 |
>=2.1.0 |
Denial of Service
漏洞详情: https://hackerone.com/reports/321631
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| set-value |
CVE-2021-23440 |
高危 |
0.4.3 |
4.0.1, 2.0.1, 3.0.3 |
nodejs-set-value: type confusion allows bypass of CVE-2019-10747
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23440
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-09-12 13:15 修改: 2022-03-29 16:39
|
| http-proxy-agent |
NSWG-ECO-402 |
高危 |
2.0.0 |
>=2.1.0 |
Denial of Service
漏洞详情: https://hackerone.com/reports/321631
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| set-value |
CVE-2021-23440 |
高危 |
2.0.0 |
4.0.1, 2.0.1, 3.0.3 |
nodejs-set-value: type confusion allows bypass of CVE-2019-10747
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23440
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-09-12 13:15 修改: 2022-03-29 16:39
|
| shelljs |
CVE-2022-0144 |
高危 |
0.8.2 |
0.8.5 |
nodejs-shelljs: improper privilege management
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0144
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-01-11 07:15 修改: 2022-02-09 14:17
|
| sshpk |
CVE-2018-3737 |
高危 |
1.13.1 |
1.13.2 |
nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3737
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-06-07 02:29 修改: 2023-01-30 16:06
|
| sshpk |
NSWG-ECO-401 |
高危 |
1.13.1 |
>=1.13.2 |
Denial of Service
漏洞详情: https://hackerone.com/reports/319593
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| tar |
CVE-2018-20834 |
高危 |
2.2.1 |
4.4.2, 2.2.2 |
nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20834
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-04-30 19:29 修改: 2019-09-04 20:15
|
| tar |
CVE-2021-32804 |
高危 |
2.2.1 |
3.2.2, 4.4.14, 5.0.6, 6.1.1 |
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32804
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-08-03 19:15 修改: 2022-04-25 19:12
|
| tar |
CVE-2021-37713 |
高危 |
2.2.1 |
4.4.18, 5.0.10, 6.1.9 |
nodejs-tar: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37713
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-08-31 17:15 修改: 2022-04-25 18:40
|
| tar |
CVE-2018-20834 |
高危 |
4.0.2 |
4.4.2, 2.2.2 |
nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20834
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-04-30 19:29 修改: 2019-09-04 20:15
|
| tar |
CVE-2021-32803 |
高危 |
4.0.2 |
3.2.3, 4.4.15, 5.0.7, 6.1.2 |
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32803
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-08-03 19:15 修改: 2022-07-02 18:28
|
| tar |
CVE-2021-32804 |
高危 |
4.0.2 |
3.2.2, 4.4.14, 5.0.6, 6.1.1 |
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32804
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-08-03 19:15 修改: 2022-04-25 19:12
|
| tar |
CVE-2021-37701 |
高危 |
4.0.2 |
4.4.16, 5.0.8, 6.1.7 |
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37701
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-08-31 17:15 修改: 2023-01-19 20:11
|
| tar |
CVE-2021-37712 |
高危 |
4.0.2 |
4.4.18, 5.0.10, 6.1.9 |
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37712
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-08-31 17:15 修改: 2023-02-23 02:28
|
| tar |
CVE-2021-37713 |
高危 |
4.0.2 |
4.4.18, 5.0.10, 6.1.9 |
nodejs-tar: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37713
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-08-31 17:15 修改: 2022-04-25 18:40
|
| ws |
CVE-2024-37890 |
高危 |
3.3.3 |
5.2.4, 6.2.3, 7.5.10, 8.17.1 |
nodejs-ws: denial of service when handling a request with many HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
|
| ws |
CVE-2024-37890 |
高危 |
5.2.2 |
5.2.4, 6.2.3, 7.5.10, 8.17.1 |
nodejs-ws: denial of service when handling a request with many HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
|
| y18n |
CVE-2020-7774 |
高危 |
3.2.1 |
3.2.2, 4.0.1, 5.0.5 |
nodejs-y18n: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
|
| y18n |
CVE-2020-7774 |
高危 |
3.2.1 |
3.2.2, 4.0.1, 5.0.5 |
nodejs-y18n: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
|
| y18n |
CVE-2020-7774 |
高危 |
3.2.1 |
3.2.2, 4.0.1, 5.0.5 |
nodejs-y18n: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
|
| y18n |
CVE-2020-7774 |
高危 |
3.2.1 |
3.2.2, 4.0.1, 5.0.5 |
nodejs-y18n: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
|
| yarn |
CVE-2019-10773 |
高危 |
1.6.0 |
1.22.0 |
nodejs-yarn: Install functionality can be abused to generate arbitrary symlinks
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10773
镜像层: sha256:49fb9451c65f715b3ae3baa04485afe22d2f10b1a68d63861cb11017da26385e
发布日期: 2019-12-16 20:15 修改: 2023-11-07 03:02
|
| yarn |
CVE-2019-5448 |
高危 |
1.6.0 |
1.17.3 |
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-5448
镜像层: sha256:49fb9451c65f715b3ae3baa04485afe22d2f10b1a68d63861cb11017da26385e
发布日期: 2019-07-30 21:15 修改: 2021-11-03 18:27
|
| yarn |
CVE-2020-8131 |
高危 |
1.6.0 |
1.22.0 |
yarn: Arbitrary filesystem write via tar expansion
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8131
镜像层: sha256:49fb9451c65f715b3ae3baa04485afe22d2f10b1a68d63861cb11017da26385e
发布日期: 2020-02-24 15:15 修改: 2020-03-24 14:47
|
| yarn |
CVE-2021-4435 |
高危 |
1.6.0 |
1.22.13 |
yarn: untrusted search path
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4435
镜像层: sha256:49fb9451c65f715b3ae3baa04485afe22d2f10b1a68d63861cb11017da26385e
发布日期: 2024-02-04 20:15 修改: 2024-02-13 00:38
|
| lodash |
CVE-2020-28500 |
中危 |
4.17.11 |
4.17.21 |
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28500
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-02-15 11:15 修改: 2022-09-13 21:18
|
| path-parse |
CVE-2021-23343 |
中危 |
1.0.6 |
1.0.7 |
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23343
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-05-04 09:15 修改: 2023-11-07 03:30
|
| path-parse |
CVE-2021-23343 |
中危 |
1.0.6 |
1.0.7 |
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23343
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-05-04 09:15 修改: 2023-11-07 03:30
|
| express |
CVE-2024-29041 |
中危 |
4.16.3 |
4.19.2, 5.0.0-beta.3 |
express: cause malformed URLs to be evaluated
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29041
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-03-25 21:15 修改: 2024-03-26 12:55
|
| protobufjs |
CVE-2018-3738 |
中危 |
4.1.3 |
>=5.0.3 <6.0.0, >=6.8.6 |
Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3738
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2018-06-07 02:29 修改: 2023-01-30 16:07
|
| log4js |
CVE-2022-21704 |
中危 |
3.0.5 |
6.4.0 |
log4js-node is a port of log4js to node.js. In affected versions defau ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21704
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-01-19 23:15 修改: 2023-02-03 19:16
|
| pug |
CVE-2024-36361 |
中危 |
2.0.3 |
3.0.3 |
Pug allows JavaScript code execution if an application accepts untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-05-24 06:15 修改: 2024-08-02 04:17
|
| markdown-it |
CVE-2022-21670 |
中危 |
8.4.2 |
12.3.2 |
markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21670
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-01-10 21:15 修改: 2023-07-24 13:54
|
| pug-code-gen |
CVE-2024-36361 |
中危 |
2.0.1 |
3.0.3 |
Pug allows JavaScript code execution if an application accepts untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-05-24 06:15 修改: 2024-08-02 04:17
|
| mem |
GHSA-4xcv-9jjx-gfj3 |
中危 |
1.1.0 |
4.0.0 |
Denial of Service in mem
漏洞详情: https://github.com/advisories/GHSA-4xcv-9jjx-gfj3
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| micromatch |
CVE-2024-4067 |
中危 |
3.1.10 |
4.0.8 |
micromatch: vulnerable to Regular Expression Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-05-14 15:42 修改: 2024-08-28 00:15
|
| express |
CVE-2024-43796 |
中危 |
4.16.3 |
4.20.0, 5.0.0 |
express: Improper Input Handling in Express Redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:07
|
| extend |
CVE-2018-16492 |
中危 |
3.0.1 |
3.0.2, 2.0.2 |
nodejs-extend: Prototype pollution can allow attackers to modify object properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-16492
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-02-01 18:29 修改: 2019-10-09 23:36
|
| request |
CVE-2023-28155 |
中危 |
2.83.0 |
|
The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15
|
| request |
CVE-2023-28155 |
中危 |
2.88.0 |
|
The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15
|
| axios |
CVE-2023-45857 |
中危 |
0.16.2 |
1.6.0, 0.28.0 |
axios: exposure of confidential data stored in cookies
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-11-08 21:15 修改: 2024-06-21 19:15
|
| jsonwebtoken |
CVE-2022-23540 |
中危 |
8.3.0 |
9.0.0 |
jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23540
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-12-22 19:15 修改: 2024-06-21 19:15
|
| jsonwebtoken |
CVE-2022-23541 |
中危 |
8.3.0 |
9.0.0 |
jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23541
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-12-22 18:15 修改: 2024-06-21 19:15
|
| follow-redirects |
CVE-2022-0536 |
中危 |
1.5.8 |
1.14.8 |
follow-redirects: Exposure of Sensitive Information via Authorization Header leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0536
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2022-02-09 11:15 修改: 2023-08-02 09:15
|
| follow-redirects |
CVE-2023-26159 |
中危 |
1.5.8 |
1.15.4 |
follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26159
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-01-02 05:15 修改: 2024-01-23 03:15
|
| send |
CVE-2024-43799 |
中危 |
0.16.2 |
0.19.0 |
send: Code Execution Vulnerability in Send Library
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43799
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:57
|
| http-proxy-agent |
CVE-2019-10196 |
中危 |
2.0.0 |
2.1.0 |
nodejs-http-proxy-agent: Denial of Service and data leak due to improper buffer sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10196
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-03-19 20:15 修改: 2021-03-25 19:21
|
| http-proxy-agent |
CVE-2019-10196 |
中危 |
2.0.0 |
2.1.0 |
nodejs-http-proxy-agent: Denial of Service and data leak due to improper buffer sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10196
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-03-19 20:15 修改: 2021-03-25 19:21
|
| minimist |
CVE-2020-7598 |
中危 |
0.0.8 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| minimist |
CVE-2020-7598 |
中危 |
0.0.8 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| minimist |
CVE-2020-7598 |
中危 |
0.0.8 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| sequelize |
CVE-2023-22580 |
中危 |
4.38.1 |
6.28.1 |
Sequelize information disclosure vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22580
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-02-16 15:15 修改: 2023-04-28 18:52
|
| sequelize |
GHSA-fw4p-36j9-rrj3 |
中危 |
4.38.1 |
4.44.4 |
Denial of Service in sequelize
漏洞详情: https://github.com/advisories/GHSA-fw4p-36j9-rrj3
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| serve-static |
CVE-2024-43800 |
中危 |
1.13.2 |
1.16.0, 2.1.0 |
serve-static: Improper Sanitization in serve-static
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43800
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-09-10 15:15 修改: 2024-09-20 17:36
|
| follow-redirects |
CVE-2024-28849 |
中危 |
1.5.8 |
1.15.6 |
follow-redirects: Possible credential leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28849
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-03-14 17:15 修改: 2024-03-23 03:15
|
| ajv |
CVE-2020-15366 |
中危 |
5.5.2 |
6.12.3 |
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15366
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-07-15 20:15 修改: 2024-06-21 19:15
|
| got |
CVE-2022-33987 |
中危 |
6.7.1 |
12.1.0, 11.8.5 |
nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-33987
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2022-06-18 21:15 修改: 2022-06-28 16:15
|
| minimist |
CVE-2020-7598 |
中危 |
1.2.0 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| minimist |
CVE-2020-7598 |
中危 |
1.2.0 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| shelljs |
GHSA-64g7-mvw6-v9qj |
中危 |
0.8.2 |
0.8.5 |
Improper Privilege Management in shelljs
漏洞详情: https://github.com/advisories/GHSA-64g7-mvw6-v9qj
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| minimist |
CVE-2020-7598 |
中危 |
1.2.0 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| ajv |
CVE-2020-15366 |
中危 |
5.2.3 |
6.12.3 |
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15366
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-07-15 20:15 修改: 2024-06-21 19:15
|
| ssri |
CVE-2018-7651 |
中危 |
4.1.6 |
5.2.2 |
index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7651
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-03-04 01:29 修改: 2018-03-27 14:46
|
| ssri |
CVE-2018-7651 |
中危 |
4.1.6 |
5.2.2 |
index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7651
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-03-04 01:29 修改: 2018-03-27 14:46
|
| ssri |
CVE-2018-7651 |
中危 |
5.0.0 |
5.2.2 |
index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7651
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-03-04 01:29 修改: 2018-03-27 14:46
|
| ssri |
CVE-2018-7651 |
中危 |
5.0.0 |
5.2.2 |
index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7651
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-03-04 01:29 修改: 2018-03-27 14:46
|
| stringstream |
CVE-2018-21270 |
中危 |
0.0.5 |
0.0.6 |
nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-21270
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-12-03 21:15 修改: 2021-02-16 14:35
|
| stringstream |
NSWG-ECO-422 |
中危 |
0.0.5 |
>=0.0.6 |
Out-of-bounds Read
漏洞详情: https://hackerone.com/reports/321670
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| https-proxy-agent |
GHSA-pc5p-h8pf-mvwp |
中危 |
2.1.0 |
2.2.3 |
Machine-In-The-Middle in https-proxy-agent
漏洞详情: https://github.com/advisories/GHSA-pc5p-h8pf-mvwp
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| lodash |
CVE-2019-1010266 |
中危 |
3.10.1 |
4.17.11 |
lodash: uncontrolled resource consumption in Data handler causing denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010266
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2019-07-17 21:15 修改: 2020-09-30 13:40
|
| lodash |
CVE-2019-1010266 |
中危 |
3.10.1 |
4.17.11 |
lodash: uncontrolled resource consumption in Data handler causing denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010266
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2019-07-17 21:15 修改: 2020-09-30 13:40
|
| tar |
CVE-2024-28863 |
中危 |
2.2.1 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
|
| lodash |
CVE-2020-28500 |
中危 |
3.10.1 |
4.17.21 |
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28500
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-02-15 11:15 修改: 2022-09-13 21:18
|
| moment-timezone |
GHSA-v78c-4p63-2j6c |
中危 |
0.5.21 |
0.5.35 |
Cleartext Transmission of Sensitive Information in moment-timezone
漏洞详情: https://github.com/advisories/GHSA-v78c-4p63-2j6c
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| moment-timezone |
GHSA-v78c-4p63-2j6c |
中危 |
0.5.21 |
0.5.35 |
Cleartext Transmission of Sensitive Information in moment-timezone
漏洞详情: https://github.com/advisories/GHSA-v78c-4p63-2j6c
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| lodash |
CVE-2020-28500 |
中危 |
3.10.1 |
4.17.21 |
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28500
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-02-15 11:15 修改: 2022-09-13 21:18
|
| https-proxy-agent |
GHSA-pc5p-h8pf-mvwp |
中危 |
2.1.0 |
2.2.3 |
Machine-In-The-Middle in https-proxy-agent
漏洞详情: https://github.com/advisories/GHSA-pc5p-h8pf-mvwp
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| https-proxy-agent |
NSWG-ECO-505 |
中危 |
2.1.0 |
>=2.2.3 |
Man-in-the-Middle
漏洞详情: https://hackerone.com/reports/541502
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| tar |
CVE-2024-28863 |
中危 |
4.0.2 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
|
| tough-cookie |
CVE-2023-26136 |
中危 |
2.3.3 |
4.1.3 |
tough-cookie: prototype pollution in cookie memstore
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15
|
| tough-cookie |
CVE-2023-26136 |
中危 |
2.4.3 |
4.1.3 |
tough-cookie: prototype pollution in cookie memstore
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15
|
| validator |
CVE-2021-3765 |
中危 |
10.7.1 |
13.7.0 |
validator: Inefficient Regular Expression Complexity in Validator.js
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3765
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-11-02 07:15 修改: 2023-07-07 19:27
|
| mysql2 |
CVE-2024-21507 |
中危 |
1.6.1 |
3.9.3 |
mysql2: Improper Input Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21507
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-04-10 05:15 修改: 2024-08-01 13:46
|
| mysql2 |
CVE-2024-21509 |
中危 |
1.6.1 |
3.9.4 |
mysql2: Prototype Poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21509
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-04-10 05:15 修改: 2024-08-22 13:35
|
| ws |
CVE-2021-32640 |
中危 |
5.2.2 |
7.4.6, 6.2.2, 5.2.3 |
nodejs-ws: Specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32640
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-05-25 19:15 修改: 2023-11-07 03:35
|
| xml2js |
CVE-2023-0842 |
中危 |
0.4.19 |
0.5.0 |
node-xml2js: xml2js is vulnerable to prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0842
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-04-05 20:15 修改: 2024-03-14 21:15
|
| xml2js |
CVE-2023-0842 |
中危 |
0.4.19 |
0.5.0 |
node-xml2js: xml2js is vulnerable to prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0842
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-04-05 20:15 修改: 2024-03-14 21:15
|
| xml2js |
CVE-2023-0842 |
中危 |
0.4.4 |
0.5.0 |
node-xml2js: xml2js is vulnerable to prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0842
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2023-04-05 20:15 修改: 2024-03-14 21:15
|
| https-proxy-agent |
NSWG-ECO-505 |
中危 |
2.1.0 |
>=2.2.3 |
Man-in-the-Middle
漏洞详情: https://hackerone.com/reports/541502
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| nodemailer |
CVE-2021-23400 |
中危 |
4.6.8 |
6.6.1 |
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Inje ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23400
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-06-29 12:15 修改: 2021-07-06 18:48
|
| nodemailer |
GHSA-9h6g-pr28-7cqp |
中危 |
4.6.8 |
6.9.9 |
nodemailer ReDoS when trying to send a specially crafted email
漏洞详情: https://github.com/advisories/GHSA-9h6g-pr28-7cqp
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| helmet-csp |
GHSA-c3m8-x3cg-qm2c |
中危 |
2.7.1 |
2.9.1 |
Configuration Override in helmet-csp
漏洞详情: https://github.com/advisories/GHSA-c3m8-x3cg-qm2c
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| yargs-parser |
CVE-2020-7608 |
中危 |
10.1.0 |
13.1.2, 15.0.1, 18.1.1, 5.0.1 |
nodejs-yargs-parser: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7608
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-03-16 20:15 修改: 2022-11-15 16:40
|
| yargs-parser |
CVE-2020-7608 |
中危 |
7.0.0 |
13.1.2, 15.0.1, 18.1.1, 5.0.1 |
nodejs-yargs-parser: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7608
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-03-16 20:15 修改: 2022-11-15 16:40
|
| axios |
CVE-2020-28168 |
中危 |
0.16.2 |
0.21.1 |
nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28168
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2020-11-06 20:15 修改: 2023-11-07 03:21
|
| hosted-git-info |
CVE-2021-23362 |
中危 |
2.5.0 |
2.8.9, 3.0.8 |
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23362
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2021-03-23 17:15 修改: 2023-08-08 14:22
|
| lodash |
CVE-2020-28500 |
中危 |
4.17.11 |
4.17.21 |
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28500
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2021-02-15 11:15 修改: 2022-09-13 21:18
|
| npm |
CVE-2020-15095 |
中危 |
5.6.0 |
6.14.6 |
npm: sensitive information exposure through logs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-07-07 19:15 修改: 2023-11-07 03:17
|
| yarn |
CVE-2019-15608 |
中危 |
1.6.0 |
1.19.0 |
yarn: TOCTOU vulnerability leads to cache pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-15608
镜像层: sha256:49fb9451c65f715b3ae3baa04485afe22d2f10b1a68d63861cb11017da26385e
发布日期: 2020-03-15 18:15 修改: 2020-03-21 01:15
|
| lodash |
CVE-2018-3721 |
低危 |
3.10.1 |
>=4.17.5 |
lodash: Prototype pollution in utilities function
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3721
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-06-07 02:29 修改: 2024-02-16 16:54
|
| bin-links |
GHSA-v45m-2wcp-gg98 |
低危 |
1.1.0 |
1.1.6 |
Global node_modules Binary Overwrite in bin-links
漏洞详情: https://github.com/advisories/GHSA-v45m-2wcp-gg98
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| chownr |
CVE-2017-18869 |
低危 |
1.0.1 |
1.1.0 |
nodejs-chownr: TOCTOU vulnerability in `chownr` function in chownr.js
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18869
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2020-06-15 15:15 修改: 2020-06-17 19:51
|
| hoek |
CVE-2018-3728 |
低危 |
4.2.0 |
>=5.0.3 >=4.2.1 |
hoek: Prototype pollution in utilities function
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3728
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2018-03-30 19:29 修改: 2019-10-09 23:40
|
| cookie |
CVE-2024-47764 |
低危 |
0.3.1 |
0.7.0 |
cookie: cookie accepts cookie name, path, and domain with out of bounds characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
|
| ip |
CVE-2023-42282 |
低危 |
1.1.5 |
2.0.1, 1.1.9 |
nodejs-ip: arbitrary code execution via the isPublic() function
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
|
| ip |
CVE-2023-42282 |
低危 |
1.1.5 |
2.0.1, 1.1.9 |
nodejs-ip: arbitrary code execution via the isPublic() function
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
|
| deep-extend |
NSWG-ECO-408 |
低危 |
0.4.2 |
>=0.5.1 |
deep-extend prototype pollution
漏洞详情: https://hackerone.com/reports/311333
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| deep-extend |
NSWG-ECO-408 |
低危 |
0.4.2 |
>=0.5.1 |
deep-extend prototype pollution
漏洞详情: https://hackerone.com/reports/311333
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| bin-links |
GHSA-2mj8-pj3j-h362 |
低危 |
1.1.0 |
1.1.5 |
Symlink reference outside of node_modules in bin-links
漏洞详情: https://github.com/advisories/GHSA-2mj8-pj3j-h362
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| debug |
CVE-2017-16137 |
低危 |
3.2.5 |
2.6.9, 3.1.0, 3.2.7, 4.3.1 |
nodejs-debug: Regular expression Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-16137
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2018-06-07 02:29 修改: 2023-11-07 02:40
|
| npm-user-validate |
GHSA-xgh6-85xh-479p |
低危 |
1.0.0 |
1.0.1 |
Regular Expression Denial of Service in npm-user-validate
漏洞详情: https://github.com/advisories/GHSA-xgh6-85xh-479p
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| moment-timezone |
GHSA-56x4-j7p9-fcf9 |
低危 |
0.5.21 |
0.5.35 |
Command Injection in moment-timezone
漏洞详情: https://github.com/advisories/GHSA-56x4-j7p9-fcf9
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| moment-timezone |
GHSA-56x4-j7p9-fcf9 |
低危 |
0.5.21 |
0.5.35 |
Command Injection in moment-timezone
漏洞详情: https://github.com/advisories/GHSA-56x4-j7p9-fcf9
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| debug |
CVE-2017-16137 |
低危 |
3.2.5 |
2.6.9, 3.1.0, 3.2.7, 4.3.1 |
nodejs-debug: Regular expression Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-16137
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2018-06-07 02:29 修改: 2023-11-07 02:40
|
| bin-links |
GHSA-gqf6-75v8-vr26 |
低危 |
1.1.0 |
1.1.5 |
Arbitrary File Write in bin-links
漏洞详情: https://github.com/advisories/GHSA-gqf6-75v8-vr26
镜像层: sha256:7d863d91deaa6ddea47e387170b081ab10b3d9eeb2680c6b1c188d45eb5fea12
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| lodash |
CVE-2018-3721 |
低危 |
3.10.1 |
>=4.17.5 |
lodash: Prototype pollution in utilities function
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3721
镜像层: sha256:2c170aceabfd95f2114618e70b5bf0d9c4a50a34925400cc98293b6abbc196ae
发布日期: 2018-06-07 02:29 修改: 2024-02-16 16:54
|