Export limit exceeded: 341187 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 24793 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24793 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | N/A |
| The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2024-11-21 | N/A |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | N/A |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2024-11-21 | N/A |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16138 | 2 Mime Project, Redhat | 2 Mime, Quay | 2024-11-21 | N/A |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | ||||
| CVE-2017-16137 | 2 Debug Project, Redhat | 2 Debug, Quay | 2024-11-21 | N/A |
| The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue. | ||||
| CVE-2017-16136 | 1 Expressjs | 1 Method-override | 2024-11-21 | N/A |
| method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header. | ||||
| CVE-2017-16126 | 1 Botbait Project | 1 Botbait | 2024-11-21 | N/A |
| The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install) | ||||
| CVE-2017-16113 | 1 Parsejson Project | 1 Parsejson | 2024-11-21 | N/A |
| The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. | ||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2024-11-21 | N/A |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2024-11-21 | N/A |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16079 | 1 Smb Project | 1 Smb | 2024-11-21 | N/A |
| smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16078 | 1 Shadowsock Project | 1 Shadowsock | 2024-11-21 | N/A |
| shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2024-11-21 | N/A |
| mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16076 | 1 Proxy.js Project | 1 Proxy.js | 2024-11-21 | N/A |
| proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16075 | 1 Http-proxy.js Project | 1 Http-proxy.js | 2024-11-21 | N/A |
| http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16074 | 1 Crossenv Project | 1 Crossenv | 2024-11-21 | N/A |
| crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16073 | 1 Noderequest Project | 1 Noderequest | 2024-11-21 | N/A |
| noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16072 | 1 Nodemailer.js Project | 1 Nodemailer.js | 2024-11-21 | N/A |
| nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16071 | 1 Nodemailer-js Project | 1 Nodemailer-js | 2024-11-21 | N/A |
| nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||