Hackerone Security Vulnerabilities
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled...
8.1CVSS
8.3AI Score
0.002EPSS
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the....
8.1CVSS
8.3AI Score
0.002EPSS
dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled...
8.1CVSS
8.2AI Score
0.002EPSS
Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on...
8.1CVSS
8.3AI Score
0.002EPSS
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if.....
8.1CVSS
8.2AI Score
0.002EPSS
Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out...
8.1CVSS
8.3AI Score
0.002EPSS
wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the...
8.1CVSS
8.3AI Score
0.002EPSS
nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote...
8.1CVSS
8.3AI Score
0.003EPSS
libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with.....
8.1CVSS
8.3AI Score
0.002EPSS
ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM...
8.1CVSS
7.8AI Score
0.001EPSS
imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if.....
8.1CVSS
8.3AI Score
0.002EPSS
closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on....
8.1CVSS
8.3AI Score
0.002EPSS
5.9CVSS
5.6AI Score
0.001EPSS
arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the...
7.5CVSS
7.8AI Score
0.002EPSS
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an...
8.1CVSS
8.1AI Score
0.002EPSS
Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
8.1CVSS
8.2AI Score
0.002EPSS
nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the...
8.1CVSS
8.3AI Score
0.002EPSS
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM...
8.1CVSS
7.8AI Score
0.002EPSS
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the...
8.1CVSS
8.2AI Score
0.002EPSS
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres...
9.8CVSS
9.5AI Score
0.002EPSS
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary...
8.1CVSS
8.3AI Score
0.002EPSS
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further...
8.1CVSS
7.9AI Score
0.002EPSS
apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
8.1CVSS
8.1AI Score
0.002EPSS
bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
8.1CVSS
8.3AI Score
0.002EPSS
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the.....
8.1CVSS
8.1AI Score
0.002EPSS
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker....
8.1CVSS
8.3AI Score
0.002EPSS
Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key.....
6.5CVSS
6.2AI Score
0.001EPSS
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled...
8.1CVSS
8.2AI Score
0.002EPSS
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled...
8.1CVSS
8.2AI Score
0.002EPSS
operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the...
8.1CVSS
8.2AI Score
0.002EPSS
Bitty is a development web server tool that functions similar to python -m SimpleHTTPServer. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET...
5.3CVSS
5.2AI Score
0.001EPSS
engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates...
5.9CVSS
5.6AI Score
0.001EPSS
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as...
6.1CVSS
6AI Score
0.002EPSS
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests...
4.4CVSS
4.3AI Score
0.001EPSS
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the Model#Escape function of backbone 0.3.3 and earlier, if a user is...
5.4CVSS
5.4AI Score
0.0005EPSS
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will....
5.9CVSS
5.6AI Score
0.001EPSS
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system...
9.8CVSS
9.7AI Score
0.002EPSS
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses ===, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses....
5.9CVSS
5.6AI Score
0.002EPSS
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a ws server, it is possible to crash the node process. This affects ws 1.1.0 and...
7.5CVSS
7.3AI Score
0.001EPSS
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the calc...
6.1CVSS
6.5AI Score
0.002EPSS
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and...
9.8CVSS
9.7AI Score
0.002EPSS
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running...
9.8CVSS
9.6AI Score
0.003EPSS
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for GET /User?distinct=password and get all the passwords for all the users in the...
8.8CVSS
8.5AI Score
0.001EPSS
The package node-cli before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access...
3.5CVSS
3.9AI Score
0.001EPSS
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted...
7.5CVSS
7.3AI Score
0.001EPSS
7.4CVSS
7.4AI Score
0.002EPSS
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true) to inject a javascript: URL. This flaw exists because...
6.1CVSS
6.2AI Score
0.001EPSS
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow...
5.9CVSS
5.7AI Score
0.001EPSS
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation...
5.3CVSS
5.2AI Score
0.001EPSS
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequelize....
9.8CVSS
9.5AI Score
0.002EPSS