| bson |
CVE-2020-7610 |
严重 |
1.1.0 |
1.1.4 |
bson: Deserialization of Untrusted Data could result in Code injection or Excessive CPU load
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7610
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-03-30 19:15 修改: 2020-04-01 19:47
|
| bson |
CVE-2020-7610 |
严重 |
1.1.1 |
1.1.4 |
bson: Deserialization of Untrusted Data could result in Code injection or Excessive CPU load
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7610
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-03-30 19:15 修改: 2020-04-01 19:47
|
| deep-extend |
CVE-2018-3750 |
严重 |
0.4.2 |
0.5.1 |
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3750
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2018-07-03 21:29 修改: 2018-08-23 13:12
|
| deep-extend |
CVE-2018-3750 |
严重 |
0.5.0 |
0.5.1 |
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3750
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2018-07-03 21:29 修改: 2018-08-23 13:12
|
| json-schema |
CVE-2021-3918 |
严重 |
0.2.3 |
0.4.0 |
nodejs-json-schema: Prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3918
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-11-13 09:15 修改: 2025-01-17 20:15
|
| json-schema |
CVE-2021-3918 |
严重 |
0.2.3 |
0.4.0 |
nodejs-json-schema: Prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3918
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-11-13 09:15 修改: 2025-01-17 20:15
|
| jsrsasign |
CVE-2020-14967 |
严重 |
8.0.12 |
8.0.18 |
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14967
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-06-22 12:15 修改: 2023-01-28 00:57
|
| jsrsasign |
CVE-2020-14968 |
严重 |
8.0.12 |
8.0.17 |
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14968
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-06-22 12:15 修改: 2023-01-27 20:52
|
| jsrsasign |
CVE-2021-30246 |
严重 |
8.0.12 |
10.2.0 |
RSA signature validation vulnerability on maleable encoded message in jsrsasign
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-30246
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-04-07 21:15 修改: 2021-04-14 16:09
|
| lodash |
CVE-2019-10744 |
严重 |
4.17.5 |
4.17.12 |
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10744
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2019-07-26 00:15 修改: 2024-01-21 02:45
|
| lodash-es |
CVE-2019-10744 |
严重 |
4.17.5 |
4.17.14 |
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10744
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2019-07-26 00:15 修改: 2024-01-21 02:45
|
| minimist |
CVE-2021-44906 |
严重 |
0.0.8 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
1.2.5 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
1.2.5 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| mongoose |
CVE-2022-24304 |
严重 |
5.7.5 |
6.4.6, 5.13.15 |
Mongoose Vulnerable to Prototype Pollution in Schema Object
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24304
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-08-26 05:15 修改: 2023-11-07 03:44
|
| mongoose |
CVE-2023-3696 |
严重 |
5.7.5 |
7.3.3, 6.11.3, 5.13.20 |
Mongoose Prototype Pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3696
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-07-17 01:15 修改: 2023-08-02 17:30
|
| mongoose |
CVE-2025-23061 |
严重 |
5.7.5 |
8.9.5, 7.8.4, 6.13.6 |
Mongoose search injection vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23061
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2025-01-15 05:15 修改: 2025-01-15 05:15
|
| nodemailer |
CVE-2020-7769 |
严重 |
4.0.1 |
6.4.16 |
This affects the package nodemailer before 6.4.16. Use of crafted reci ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7769
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-11-12 09:15 修改: 2021-07-21 11:39
|
| thenify |
CVE-2020-7677 |
严重 |
3.3.0 |
3.3.1 |
thenify: Arbitrary Code Execution in thenify
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7677
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-07-25 14:15 修改: 2023-11-07 03:26
|
| underscore |
CVE-2021-23358 |
严重 |
1.8.3 |
1.12.1 |
nodejs-underscore: Arbitrary code execution via the template function
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23358
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-03-29 14:15 修改: 2023-11-07 03:30
|
| vm2 |
CVE-2021-23449 |
严重 |
3.9.1 |
3.9.4 |
Prototype Pollution in vm2
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23449
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-10-18 17:15 修改: 2022-06-28 14:11
|
| vm2 |
CVE-2021-23555 |
严重 |
3.9.1 |
3.9.6 |
vm2: vulnerable to Sandbox Bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23555
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-02-11 20:15 修改: 2022-02-22 20:12
|
| vm2 |
CVE-2022-25893 |
严重 |
3.9.1 |
3.9.10 |
vm2 vulnerable to Arbitrary Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25893
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-12-21 05:15 修改: 2023-01-03 13:59
|
| vm2 |
CVE-2022-36067 |
严重 |
3.9.1 |
3.9.11 |
vm2: Sandbox Escape in vm2
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36067
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-09-06 22:15 修改: 2022-11-08 03:03
|
| vm2 |
CVE-2023-29017 |
严重 |
3.9.1 |
3.9.15 |
vm2: sandbox escape
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29017
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-04-06 20:15 修改: 2023-04-13 13:20
|
| vm2 |
CVE-2023-29199 |
严重 |
3.9.1 |
3.9.16 |
vm2: Sandbox Escape
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29199
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-04-14 19:15 修改: 2023-04-25 15:14
|
| vm2 |
CVE-2023-30547 |
严重 |
3.9.1 |
3.9.17 |
vm2: Sandbox Escape when exception sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30547
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-04-17 22:15 修改: 2023-04-28 01:13
|
| vm2 |
CVE-2023-32314 |
严重 |
3.9.1 |
3.9.18 |
vm2: Sandbox Escape
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32314
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-05-15 20:15 修改: 2023-05-24 20:50
|
| vm2 |
CVE-2023-37466 |
严重 |
3.9.1 |
|
vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37466
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-07-14 00:15 修改: 2024-02-01 14:05
|
| vm2 |
CVE-2023-37903 |
严重 |
3.9.1 |
|
vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37903
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-07-21 20:15 修改: 2024-02-01 13:46
|
| jsrsasign |
CVE-2022-25898 |
高危 |
8.0.12 |
10.5.25 |
JWS and JWT signature validation vulnerability with special characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25898
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-07-01 20:15 修改: 2022-07-13 19:01
|
| jsrsasign |
CVE-2024-21484 |
高危 |
8.0.12 |
11.0.0 |
jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21484
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2024-01-22 05:15 修改: 2024-03-06 14:15
|
| cross-spawn |
CVE-2024-21538 |
高危 |
5.1.0 |
7.0.5, 6.0.6 |
cross-spawn: regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2024-11-08 05:15 修改: 2024-11-19 14:15
|
| lodash |
CVE-2018-16487 |
高危 |
4.17.5 |
>=4.17.11 |
lodash: Prototype pollution in utilities function
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-16487
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2019-02-01 18:29 修改: 2020-09-18 16:38
|
| lodash |
CVE-2020-8203 |
高危 |
4.17.5 |
4.17.19 |
nodejs-lodash: prototype pollution in zipObjectDeep function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8203
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-07-15 17:15 修改: 2024-01-21 02:37
|
| lodash |
CVE-2021-23337 |
高危 |
4.17.5 |
4.17.21 |
nodejs-lodash: command injection via template
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
|
| decode-uri-component |
CVE-2022-38900 |
高危 |
0.2.0 |
0.2.1 |
decode-uri-component: improper input validation resulting in DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38900
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2022-11-28 13:15 修改: 2023-11-07 03:50
|
| lodash-es |
CVE-2020-8203 |
高危 |
4.17.5 |
4.17.20 |
nodejs-lodash: prototype pollution in zipObjectDeep function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8203
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-07-15 17:15 修改: 2024-01-21 02:37
|
| lodash-es |
CVE-2021-23337 |
高危 |
4.17.5 |
4.17.21 |
nodejs-lodash: command injection via template
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| ansi-regex |
CVE-2021-3807 |
高危 |
4.1.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| ansi-regex |
CVE-2021-3807 |
高危 |
4.1.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| dicer |
CVE-2022-24434 |
高危 |
0.2.5 |
|
dicer: nodejs service crash by sending a crafted payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24434
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-05-20 20:15 修改: 2022-06-07 02:04
|
| moment |
CVE-2022-24785 |
高危 |
2.19.3 |
2.29.2 |
Moment.js: Path traversal in moment.locale
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24785
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-04-04 17:15 修改: 2023-11-07 03:44
|
| moment |
CVE-2022-31129 |
高危 |
2.19.3 |
2.29.4 |
moment: inefficient parsing algorithm resulting in DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31129
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-07-06 18:15 修改: 2023-11-07 03:47
|
| mongodb |
GHSA-mh5c-679w-hh4r |
高危 |
3.1.8 |
3.1.13 |
Denial of Service in mongodb
漏洞详情: https://github.com/advisories/GHSA-mh5c-679w-hh4r
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| fast-json-patch |
CVE-2021-4279 |
高危 |
2.0.6 |
3.1.1 |
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4279
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-12-25 20:15 修改: 2024-05-17 02:03
|
| follow-redirects |
CVE-2022-0155 |
高危 |
1.5.10 |
1.14.7 |
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0155
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-01-10 20:15 修改: 2022-10-28 17:54
|
| fresh |
CVE-2017-16119 |
高危 |
0.3.0 |
0.5.2 |
nodejs-fresh: Regular expression denial of service when parsing crafted user input
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-16119
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2018-06-07 02:29 修改: 2019-10-09 23:24
|
| mongoose |
CVE-2022-2564 |
高危 |
5.7.5 |
6.4.6, 5.13.15 |
automattic/mongoose vulnerable to Prototype pollution via Schema.path
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2564
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-07-28 20:15 修改: 2024-03-12 17:30
|
| mongoose |
CVE-2024-53900 |
高危 |
5.7.5 |
8.8.3, 7.8.3, 6.13.5 |
Mongoose search injection vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53900
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2024-12-02 20:15 修改: 2024-12-04 04:15
|
| node-fetch |
CVE-2022-0235 |
高危 |
1.7.3 |
3.1.1, 2.6.7 |
node-fetch: exposure of sensitive information to an unauthorized actor
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0235
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-01-16 17:15 修改: 2023-02-03 19:16
|
| hawk |
CVE-2022-29167 |
高危 |
3.1.3 |
9.0.1 |
hawk: REDoS in hawk.utils.parseHost() when parsing Host header
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29167
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-05-05 23:15 修改: 2023-07-21 16:42
|
| path-to-regexp |
CVE-2024-45296 |
高危 |
1.7.0 |
1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
path-to-regexp: Backtracking regular expressions cause ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
|
| qs |
CVE-2017-1000048 |
高危 |
4.0.0 |
6.0.4, 6.1.2, 6.2.3, 6.3.2 |
nodejs-qs: Prototype override protection bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-1000048
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2017-07-17 13:18 修改: 2017-12-31 02:29
|
| qs |
CVE-2022-24999 |
高危 |
4.0.0 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| qs |
CVE-2022-24999 |
高危 |
6.4.0 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| qs |
CVE-2022-24999 |
高危 |
6.5.1 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| qs |
CVE-2022-24999 |
高危 |
6.5.2 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| qs |
CVE-2022-24999 |
高危 |
6.5.2 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| qs |
CVE-2022-24999 |
高危 |
6.7.0 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| semver |
CVE-2022-25883 |
高危 |
5.5.0 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-06-21 05:15 修改: 2024-12-06 17:15
|
| semver |
CVE-2022-25883 |
高危 |
5.7.1 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2023-06-21 05:15 修改: 2024-12-06 17:15
|
| sshpk |
CVE-2018-3737 |
高危 |
1.13.1 |
1.13.2 |
nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3737
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2018-06-07 02:29 修改: 2023-01-30 16:06
|
| sshpk |
NSWG-ECO-401 |
高危 |
1.13.1 |
>=1.13.2 |
Denial of Service
漏洞详情: https://hackerone.com/reports/319593
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| string |
CVE-2017-16116 |
高危 |
3.3.3 |
|
Regular Expression Denial of Service in string package
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-16116
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2018-06-07 02:29 修改: 2019-10-09 23:24
|
| tar |
CVE-2021-32803 |
高危 |
4.4.13 |
3.2.3, 4.4.15, 5.0.7, 6.1.2 |
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32803
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-08-03 19:15 修改: 2022-07-02 18:28
|
| tar |
CVE-2021-32804 |
高危 |
4.4.13 |
3.2.2, 4.4.14, 5.0.6, 6.1.1 |
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32804
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-08-03 19:15 修改: 2022-04-25 19:12
|
| tar |
CVE-2021-37701 |
高危 |
4.4.13 |
4.4.16, 5.0.8, 6.1.7 |
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37701
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-08-31 17:15 修改: 2023-01-19 20:11
|
| tar |
CVE-2021-37712 |
高危 |
4.4.13 |
4.4.18, 5.0.10, 6.1.9 |
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37712
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-08-31 17:15 修改: 2023-02-23 02:28
|
| tar |
CVE-2021-37713 |
高危 |
4.4.13 |
4.4.18, 5.0.10, 6.1.9 |
nodejs-tar: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37713
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-08-31 17:15 修改: 2022-04-25 18:40
|
| hoek |
CVE-2020-36604 |
高危 |
2.16.3 |
|
hapi/hoek: Prototype Pollution in @hapi/hoek
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36604
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-09-23 06:15 修改: 2023-11-07 03:22
|
| http-cache-semantics |
CVE-2022-25881 |
高危 |
3.8.1 |
4.1.1 |
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25881
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2023-01-31 05:15 修改: 2023-11-07 03:44
|
| urijs |
CVE-2021-27516 |
高危 |
1.19.1 |
1.19.6 |
nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27516
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-02-22 00:15 修改: 2022-11-29 15:01
|
| urijs |
CVE-2022-1243 |
高危 |
1.19.1 |
1.19.11 |
Incorrect protocol extraction via \r, \n and \t characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1243
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-04-05 15:15 修改: 2023-07-24 13:46
|
| ip |
CVE-2024-29415 |
高危 |
1.1.5 |
|
node-ip: Incomplete fix for CVE-2023-42282
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2024-05-27 20:15 修改: 2025-01-17 20:15
|
| js-yaml |
GHSA-8j8c-7jfh-h6hx |
高危 |
3.10.0 |
3.13.1 |
Code Injection in js-yaml
漏洞详情: https://github.com/advisories/GHSA-8j8c-7jfh-h6hx
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| async |
CVE-2021-43138 |
高危 |
2.1.2 |
3.2.2, 2.6.4 |
async: Prototype Pollution in async
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43138
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-04-06 17:15 修改: 2024-06-21 19:15
|
| axios |
CVE-2021-3749 |
高危 |
0.18.1 |
0.21.2 |
nodejs-axios: Regular expression denial of service in trim function
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3749
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-08-31 11:15 修改: 2023-11-07 03:38
|
| json5 |
CVE-2022-46175 |
高危 |
0.5.1 |
2.2.2, 1.0.2 |
json5: Prototype Pollution in JSON5 via Parse Method
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46175
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-12-24 04:15 修改: 2023-11-26 01:15
|
| jsonwebtoken |
CVE-2022-23539 |
高危 |
7.4.1 |
9.0.0 |
jsonwebtoken: Unrestricted key type could lead to legacy keys usagen
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23539
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-12-23 00:15 修改: 2024-06-21 19:15
|
| base64url |
NSWG-ECO-428 |
高危 |
2.0.0 |
>=3.0.0 |
Out-of-bounds Read
漏洞详情: https://hackerone.com/reports/321687
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| ansi-regex |
CVE-2021-3807 |
高危 |
3.0.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| ansi-regex |
CVE-2021-3807 |
高危 |
4.1.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| jsrsasign |
CVE-2020-14966 |
高危 |
8.0.12 |
8.0.19 |
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14966
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-06-22 12:15 修改: 2023-01-28 00:57
|
| ws |
CVE-2024-37890 |
高危 |
2.3.1 |
5.2.4, 6.2.3, 7.5.10, 8.17.1 |
nodejs-ws: denial of service when handling a request with many HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
|
| ws |
GHSA-5v72-xg48-5rpm |
高危 |
2.3.1 |
1.1.5, 3.3.1 |
Denial of Service in ws
漏洞详情: https://github.com/advisories/GHSA-5v72-xg48-5rpm
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| yarn |
CVE-2021-4435 |
高危 |
1.22.5 |
1.22.13 |
yarn: untrusted search path
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4435
镜像层: sha256:853f8f81c1aadaf53ce342928ecb1bbd9f57a25614998142c6366e5a3b9d266b
发布日期: 2024-02-04 20:15 修改: 2024-02-13 00:38
|
| lodash-es |
CVE-2019-1010266 |
中危 |
4.17.5 |
4.17.11 |
lodash: uncontrolled resource consumption in Data handler causing denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010266
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2019-07-17 21:15 修改: 2020-09-30 13:40
|
| lodash-es |
CVE-2020-28500 |
中危 |
4.17.5 |
4.17.21 |
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28500
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-02-15 11:15 修改: 2022-09-13 21:18
|
| markdown-it |
CVE-2022-21670 |
中危 |
8.4.0 |
12.3.2 |
markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21670
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-01-10 21:15 修改: 2023-07-24 13:54
|
| request |
CVE-2023-28155 |
中危 |
2.81.0 |
|
The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15
|
| request |
CVE-2023-28155 |
中危 |
2.88.0 |
|
The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15
|
| follow-redirects |
CVE-2022-0536 |
中危 |
1.5.10 |
1.14.8 |
follow-redirects: Exposure of Sensitive Information via Authorization Header leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0536
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-02-09 11:15 修改: 2023-08-02 09:15
|
| jsonwebtoken |
CVE-2022-23540 |
中危 |
7.4.1 |
9.0.0 |
jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23540
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-12-22 19:15 修改: 2024-06-21 19:15
|
| jsonwebtoken |
CVE-2022-23541 |
中危 |
7.4.1 |
9.0.0 |
jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23541
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-12-22 18:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2020-7598 |
中危 |
0.0.8 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| follow-redirects |
CVE-2023-26159 |
中危 |
1.5.10 |
1.15.4 |
follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26159
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2024-01-02 05:15 修改: 2024-01-23 03:15
|
| stringstream |
CVE-2018-21270 |
中危 |
0.0.5 |
0.0.6 |
nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-21270
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-12-03 21:15 修改: 2021-02-16 14:35
|
| stringstream |
NSWG-ECO-422 |
中危 |
0.0.5 |
>=0.0.6 |
Out-of-bounds Read
漏洞详情: https://hackerone.com/reports/321670
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| follow-redirects |
CVE-2024-28849 |
中危 |
1.5.10 |
1.15.6 |
follow-redirects: Possible credential leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28849
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2024-03-14 17:15 修改: 2024-03-23 03:15
|
| cross-fetch |
CVE-2022-1365 |
中危 |
0.0.8 |
3.1.5, 2.2.6 |
cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1365
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-04-15 23:15 修改: 2022-11-22 19:16
|
| got |
CVE-2022-33987 |
中危 |
6.7.1 |
12.1.0, 11.8.5 |
nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-33987
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2022-06-18 21:15 修改: 2022-06-28 16:15
|
| moment-timezone |
GHSA-v78c-4p63-2j6c |
中危 |
0.5.25 |
0.5.35 |
Cleartext Transmission of Sensitive Information in moment-timezone
漏洞详情: https://github.com/advisories/GHSA-v78c-4p63-2j6c
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| axios |
CVE-2023-45857 |
中危 |
0.18.1 |
1.6.0, 0.28.0 |
axios: exposure of confidential data stored in cookies
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-11-08 21:15 修改: 2024-06-21 19:15
|
| tar |
CVE-2024-28863 |
中危 |
4.4.13 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
|
| ajv |
CVE-2020-15366 |
中危 |
4.11.8 |
6.12.3 |
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15366
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-07-15 20:15 修改: 2024-06-21 19:15
|
| tough-cookie |
CVE-2023-26136 |
中危 |
2.3.4 |
4.1.3 |
tough-cookie: prototype pollution in cookie memstore
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15
|
| tough-cookie |
CVE-2023-26136 |
中危 |
2.4.3 |
4.1.3 |
tough-cookie: prototype pollution in cookie memstore
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15
|
| jsrsasign |
GHSA-g753-jx37-7xwh |
中危 |
8.0.12 |
8.0.13 |
ECDSA signature vulnerability of Minerva timing attack in jsrsasign
漏洞详情: https://github.com/advisories/GHSA-g753-jx37-7xwh
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| jsrsasign |
GHSA-h87q-g2wp-47pj |
中危 |
8.0.12 |
10.2.0 |
Signatures are mistakenly recognized to be valid in jsrsasign
漏洞详情: https://github.com/advisories/GHSA-h87q-g2wp-47pj
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| base64url |
GHSA-rvg8-pwq2-xj7q |
中危 |
2.0.0 |
3.0.0 |
Out-of-bounds Read in base64url
漏洞详情: https://github.com/advisories/GHSA-rvg8-pwq2-xj7q
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| urijs |
CVE-2020-26291 |
中危 |
1.19.1 |
1.19.4 |
urijs: Hostname spoofing via backslashes in URL
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-26291
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-12-31 00:15 修改: 2022-11-29 15:00
|
| urijs |
CVE-2021-3647 |
中危 |
1.19.1 |
1.19.7 |
URIjs Vulnerable to Hostname spoofing via backslashes in URL
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3647
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-07-16 11:15 修改: 2021-07-28 20:04
|
| urijs |
CVE-2022-0613 |
中危 |
1.19.1 |
1.19.8 |
urijs: Authorization Bypass Through User-Controlled Key
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0613
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-02-16 09:15 修改: 2023-11-07 03:41
|
| urijs |
CVE-2022-0868 |
中危 |
1.19.1 |
1.19.10 |
Open Redirect in urijs
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0868
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-03-06 16:15 修改: 2022-03-11 16:55
|
| urijs |
CVE-2022-1233 |
中危 |
1.19.1 |
1.19.11 |
URL Confusion When Scheme Not Supplied in medialize/uri.js
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1233
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-04-04 20:15 修改: 2022-11-29 14:42
|
| urijs |
CVE-2022-24723 |
中危 |
1.19.1 |
1.19.9 |
urijs: Leading white space bypasses protocol validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24723
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2022-03-03 21:15 修改: 2023-07-03 20:35
|
| validator |
CVE-2021-3765 |
中危 |
9.4.1 |
13.7.0 |
validator: Inefficient Regular Expression Complexity in Validator.js
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3765
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-11-02 07:15 修改: 2023-07-07 19:27
|
| ajv |
CVE-2020-15366 |
中危 |
5.5.2 |
6.12.3 |
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15366
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-07-15 20:15 修改: 2024-06-21 19:15
|
| mpath |
CVE-2021-23438 |
中危 |
0.6.0 |
0.8.4 |
mpath: type confusion can lead to a bypass of CVE-2018-16490
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23438
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-09-01 19:15 修改: 2021-09-10 15:23
|
| mquery |
CVE-2020-35149 |
中危 |
3.2.2 |
3.2.3 |
mquery: Code injection via merge or clone operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35149
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-12-11 19:15 修改: 2020-12-14 21:12
|
| bson |
CVE-2019-2391 |
中危 |
1.1.0 |
1.1.4 |
Incorrect parsing of certain JSON input may result in js-bson not corr ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-2391
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-03-31 14:15 修改: 2023-06-19 16:15
|
| js-yaml |
GHSA-2pr6-76vf-7546 |
中危 |
3.10.0 |
3.13.0 |
Denial of Service in js-yaml
漏洞详情: https://github.com/advisories/GHSA-2pr6-76vf-7546
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| nodemailer |
CVE-2021-23400 |
中危 |
4.0.1 |
6.6.1 |
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Inje ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23400
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-06-29 12:15 修改: 2021-07-06 18:48
|
| nodemailer |
GHSA-9h6g-pr28-7cqp |
中危 |
4.0.1 |
6.9.9 |
nodemailer ReDoS when trying to send a specially crafted email
漏洞详情: https://github.com/advisories/GHSA-9h6g-pr28-7cqp
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| path-parse |
CVE-2021-23343 |
中危 |
1.0.6 |
1.0.7 |
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23343
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2021-05-04 09:15 修改: 2023-11-07 03:30
|
| lodash |
CVE-2019-1010266 |
中危 |
4.17.5 |
4.17.11 |
lodash: uncontrolled resource consumption in Data handler causing denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010266
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2019-07-17 21:15 修改: 2020-09-30 13:40
|
| lodash |
CVE-2020-28500 |
中危 |
4.17.5 |
4.17.21 |
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28500
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2021-02-15 11:15 修改: 2022-09-13 21:18
|
| vm2 |
CVE-2023-32313 |
中危 |
3.9.1 |
3.9.18 |
vm2: Inspect Manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32313
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2023-05-15 20:15 修改: 2023-05-24 20:43
|
| extend |
CVE-2018-16492 |
中危 |
3.0.1 |
3.0.2, 2.0.2 |
nodejs-extend: Prototype pollution can allow attackers to modify object properties
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-16492
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2019-02-01 18:29 修改: 2019-10-09 23:36
|
| axios |
CVE-2020-28168 |
中危 |
0.18.1 |
0.21.1 |
nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28168
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-11-06 20:15 修改: 2023-11-07 03:21
|
| bson |
CVE-2019-2391 |
中危 |
1.1.1 |
1.1.4 |
Incorrect parsing of certain JSON input may result in js-bson not corr ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-2391
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2020-03-31 14:15 修改: 2023-06-19 16:15
|
| cookie |
CVE-2024-47764 |
低危 |
0.3.1 |
0.7.0 |
cookie: cookie accepts cookie name, path, and domain with out of bounds characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
|
| hoek |
CVE-2018-3728 |
低危 |
2.16.3 |
>=5.0.3 >=4.2.1 |
hoek: Prototype pollution in utilities function
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3728
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 2018-03-30 19:29 修改: 2019-10-09 23:40
|
| moment-timezone |
GHSA-56x4-j7p9-fcf9 |
低危 |
0.5.25 |
0.5.35 |
Command Injection in moment-timezone
漏洞详情: https://github.com/advisories/GHSA-56x4-j7p9-fcf9
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| deep-extend |
NSWG-ECO-408 |
低危 |
0.5.0 |
>=0.5.1 |
deep-extend prototype pollution
漏洞详情: https://hackerone.com/reports/311333
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| deep-extend |
NSWG-ECO-408 |
低危 |
0.4.2 |
>=0.5.1 |
deep-extend prototype pollution
漏洞详情: https://hackerone.com/reports/311333
镜像层: sha256:1d1bfeaf970142725acc202432f58ddd3e06d51f22ac00efbca2cbd101572756
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| ip |
CVE-2023-42282 |
低危 |
1.1.5 |
2.0.1, 1.1.9 |
nodejs-ip: arbitrary code execution via the isPublic() function
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282
镜像层: sha256:0b7ff74144e39a574a7d44cbce3a9803a00735bf5091115f5480e36c74d60fb7
发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
|