formula is a math and string formula parser. In versions prior to 3.0.1, crafted user-provided strings passed to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this...
CVSS: 6.5
AI Score: 6.3
EPSS: 0.001
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when showHidden is...
CVSS: 7.5
AI Score: 7.4
EPSS: 0.002
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an...
CVSS: 8.8
AI Score: 8.4
EPSS: 0.01