Skip to main content

Node.js

1070 CVEs product

Monthly

CVE-2026-54504 npm HIGH POC PATCH This Week

Missing authentication in @andrea9293/mcp-documentation-server v1.13.0 exposes its document-management Web UI/API on all network interfaces (0.0.0.0:3080) instead of localhost, letting any adjacent-network client read, add, search, and delete documents in the MCP knowledge base without credentials. Rated CVSS 8.8 (CWE-306), the flaw is exploitable by unauthenticated attackers reachable over the same LAN, VM network, Docker bridge, or VPN. A detailed proof-of-concept exists in the reporter's advisory, though there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV; the vendor fixed it in v1.13.1.

Docker Authentication Bypass Node.js RCE
NVD GitHub
CVSS 3.1
8.8
CVE-2026-50289 npm HIGH POC PATCH This Week

OS command injection in the Node.js `systeminformation` library (npm, versions <= 5.31.6) lets a local actor run arbitrary commands with the privileges of any process that calls `networkInterfaces()` on Linux. While collecting DHCP state, `checkLinuxDCHPInterfaces()` reads Debian/Ubuntu `interfaces(5)` files and interpolates each `source <path>` token - read from file content - unquoted into a `cat ... | grep` string executed via `execSync()`/`/bin/sh`. Publicly available exploit code exists (a verbatim-sink PoC in the advisory); there is no CISA KEV listing and no CVSS score was assigned by the source, but a vendor patch (5.31.7) is available.

Debian Node.js Apple Microsoft Ubuntu +1
NVD GitHub
CVE-2026-15921 LOW PATCH Monitor

Path traversal in nvm versions 0.32.1 through 0.40.5 allows a hostile Node.js mirror to overwrite arbitrary files in the victim's home directory, including shell startup files, leading to code execution on the next shell session. The vulnerability exists in `nvm ls-remote`, `nvm install --lts`, and any other nvm command that refreshes remote LTS aliases by fetching and parsing a mirror's `index.tab` - the LTS codename field is used as an alias filename without sanitization, permitting sequences like `../../../.bashrc` to escape `$NVM_DIR/alias`. No public exploit identified at time of analysis, but a working proof-of-concept is embedded in the upstream test suite added in the fix commit.

Node.js Path Traversal RCE Nvm
NVD GitHub
CVSS 4.0
2.1
CVE-2026-55410 MEDIUM PATCH This Month

Command injection in NocoBase's @nocobase/plugin-backups prior to v2.1.19 allows an authenticated backup-management user to execute arbitrary OS commands as the NocoBase server process by restoring a crafted backup archive. The database.schema field from a backup's _metadata.json is interpolated directly into a shell command string passed to Node.js child_process.exec(), a classic CWE-78 pattern that bypasses any sanitization at the shell level. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, but the commit diff confirms the mechanism is straightforward and the fix is available in v2.1.19.

Node.js Command Injection PostgreSQL Nocobase
NVD GitHub
CVSS 3.1
6.7
CVE-2026-15895 HIGH PATCH This Week

OS command injection in AWS jsii-diff before 1.131.0 lets a context-dependent attacker execute arbitrary shell commands when a victim runs the tool against an attacker-controlled 'npm:' source specifier. The npm package-loading component fails to sanitize the package specifier before passing it to a shell, so a crafted specifier is interpreted as a command. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; a vendor-released patch (v1.131.0) is available.

Node.js Command Injection
NVD GitHub
CVSS 4.0
8.4
CVE-2026-40501 HIGH POC PATCH This Week

Remote code execution in Cherry Studio 1.2.2 through 1.9.12 lets attackers who control search-provider content run arbitrary Node.js code because the SearchService loads that content into an Electron BrowserWindow with nodeIntegration enabled and contextIsolation disabled. An attacker controlling a search engine provider, search result page, or provider settings page can execute JavaScript with full Node.js privileges under the OS account running the app. Publicly available exploit code exists (VulnCheck/Mundi-Xu gist) and a vendor patch (commit 1518530) is available; the flaw is not currently listed in CISA KEV.

Node.js RCE Cherry Studio
NVD GitHub
CVSS 4.0
8.6
CVE-2026-11403 HIGH PATCH This Week

Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and perform repository operations on their behalf. The flaw stems from insufficient entropy (CWE-331) in format-specific API key realms, so an attacker who can predict or reconstruct a victim's key gains their access without credentials. The vendor (Sonatype) reported and patched the issue in release 3.93.0; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Docker Authentication Bypass Node.js Nexus Repository Manager
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-15697 LOW Monitor

Prototype pollution in svg.js (svgdotjs) up to version 3.2.5 allows a remote low-privileged attacker to inject arbitrary properties into JavaScript's shared Object.prototype via the EventTarget.on function of the npm package API. Depending on how consuming applications perform property lookups, this can lead to information disclosure, logic bypass, or integrity violations across the entire JavaScript runtime. No vendor patch exists - the maintainer has not responded to the responsible disclosure - and a proof-of-concept exists (CVSS E:P), though no confirmed active exploitation appears in CISA KEV.

Prototype Pollution Node.js Information Disclosure Svg Js
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-58486 HIGH This Week

Denial of service in HedgeDoc before 1.11.0 lets a user who can store a note crash the instance by embedding a YAML "alias bomb" in the note frontmatter. Because HedgeDoc parsed frontmatter with the unsafe js-yaml v3 load (via @hedgedoc/meta-marked) and resolved anchor aliases, a compact ten-level payload expands into a massive object that blocks the single Node.js event loop for roughly 235 seconds on every request to the publish view (/s/<shortid>) or, under the opengraph key, the editor view (/<noteId>). No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the stored payload persists in the database and re-triggers after process restarts, making outages durable until the note is deleted.

Node.js Denial Of Service Hedgedoc
NVD GitHub
CVSS 4.0
8.3
EPSS
0.2%
CVE-2026-62187 HIGH This Week

Authorization bypass in the @openclaw/feishu npm package (versions <= 2026.6.6) allows a lower-trust caller - or attacker-influenced input reaching a configured input path - to perform Feishu (Lark) actions that should have required stronger authorization, because per-account disablement can be ignored. Authenticated remote attackers can trigger unauthorized operations affecting confidentiality and integrity; no public exploit has been identified at time of analysis, and the flaw is fixed in version 2026.6.9. Real-world impact is gated by the operator's configuration and whether untrusted input can reach the affected feature.

Authentication Bypass Node.js Feishu
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-59817 MEDIUM PATCH This Month

Ghost CMS versions 6.27.0 through 6.43.x permit unauthenticated attackers to manipulate donation checkout metadata, enabling acquisition of full paid gift memberships for a minimal payment. The flaw, classified as CWE-472 (External Control of Assumed-Immutable Web Parameter), stems from the server trusting client-controlled parameters in the public-facing checkout flow that should be server-authoritative. No active exploitation is confirmed (not in CISA KEV) and no public exploit has been identified; the vendor released a fix in version 6.44.0.

Node.js Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-57481 npm LOW PATCH Monitor

LiveQuery in Parse Server leaks unauthorized object field values to authenticated subscribers when a single save operation simultaneously modifies a sensitive field and the subscriber's ACL read access, because leave and enter events are built from the wrong object state. Affected deployments run parse-server below 8.6.83 (stable branch) or below 9.9.1-alpha.13 (v9 alpha branch) with LiveQuery enabled. The CVSS 4.0 score of 2.3 and AT:P prerequisite correctly reflect that exploitation is constrained to a specific co-mutation timing condition; no public exploit identified and no KEV listing exists at time of analysis.

Node.js Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.4%
CVE-2026-57480 npm HIGH PATCH This Week

Denial of service in Parse Server (versions prior to 8.6.82 and 9.9.1-alpha.12) allows remote attackers to hang the Node.js event loop by submitting deeply nested $or, $and, or $nor query operators through the REST API or LiveQuery interface, triggering exponential-time processing in the internal query-traversal helper. Because the vulnerable code path is reachable without authentication and consumes CPU without bound, a single crafted request can render the backend unresponsive to all clients. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Node.js Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-49866 npm HIGH POC PATCH GHSA This Week

Remote denial of service in the JavaScript @libp2p/gossipsub module (all versions prior to 16.0.0) lets any connected peer stall a victim node by sending oversized IHAVE/IWANT control messages. Because defaultDecodeRpcLimits left maxIhaveMessageIDs and maxIwantMessageIDs set to Infinity, a single 4 MB RPC frame forces roughly 180,000 message IDs to be iterated synchronously, blocking the Node.js event loop and freezing the process. No public exploit identified at time of analysis; the flaw is remotely reachable without authentication against affected default configurations.

Node.js Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-49456 npm LOW PATCH GHSA Monitor

Open redirect in waku's `unstable_redirect()` server-side router helper allows a network attacker to redirect victims' browsers to arbitrary external domains - including phishing sites for credential harvesting and OAuth token theft - by injecting a malicious `location` string into any waku route that passes user-controlled query parameters to the function. The vulnerability affects waku 1.0.0-beta.0 across all supported runtime adapters (Node.js, Cloudflare Workers, Vercel Edge, Deno), as the reflection path in `handler.ts` is shared. A dynamic proof-of-concept was confirmed by the reporter in two independent Docker-based runs against commit 8e9f542; no vendor-released patch is confirmed at time of analysis, though a v1.0.0-beta.1 release tag appears in advisory references.

Node.js Open Redirect Docker
NVD GitHub
CVSS 3.1
3.1
CVE-2026-59892 HIGH PATCH This Week

Denial of service in OpenTelemetry JavaScript (@opentelemetry/propagator-jaeger) before 2.9.0 allows an unauthenticated remote attacker to crash a Node.js service by sending a malformed percent-encoded uber-trace-id or uberctx-* HTTP header. The JaegerPropagator passes header values to decodeURIComponent() without catching the resulting URIError, so the uncaught exception terminates the process. No public exploit identified at time of analysis, and this is not listed in CISA KEV; the fix is version 2.9.0.

Node.js Information Disclosure Opentelemetry Js
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-59871 HIGH PATCH This Week

Denial of service in node-tar prior to 7.5.18 allows unauthenticated network-reachable attackers to crash Node.js processes by submitting crafted tar archives containing all-digit PAX header path or linkpath values. The library incorrectly coerces these string values to JavaScript numbers in src/pax.ts, causing downstream path handling (normalizeWindowsPath(entry.path).split('/')) to throw an uncaught TypeError when it attempts to call a string method on a numeric value. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Node.js Information Disclosure Node Tar
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-59874 HIGH PATCH This Week

Denial of service in node-tar prior to 7.5.18 allows remote attackers to hang a Node.js application by feeding it a crafted tar archive: a checksum-valid header carrying a negative base-256 encoded entry size makes the tar.replace scanner advance zero bytes and re-parse the same header forever. No public exploit or active exploitation is identified at time of analysis, but the CVSS 4.0 base score of 8.7 reflects the high, easily-reachable availability impact. Only applications that call tar.replace on untrusted archive input are affected.

Node.js Denial Of Service Node Tar
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-59873 CRITICAL PATCH NEWS Act Now

Uncontrolled resource consumption in node-tar before 7.5.19 lets a small crafted gzip bomb exhaust disk space and CPU on any Node.js application that extracts or parses attacker-supplied tar archives. Because node-tar imposes no upper bound on total decompressed size, entry count, or compression ratio in its extract and parse paths, a tiny malicious file can inflate to consume all available storage and processing, causing denial of service. No public exploit has been identified, but the fix is a straightforward, well-documented behavior change published in the vendor advisory GHSA-23hp-3jrh-7fpw.

Node.js Denial Of Service Node Tar
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2026-59875 MEDIUM PATCH This Month

Process termination via crafted tar archive affects node-tar prior to 7.5.17, where NUL bytes in PAX path and linkpath header records are not sanitized before being passed to Node.js filesystem calls. Any application using node-tar to extract untrusted archives is susceptible to denial of service through an uncaught exception that crashes the Node.js process. No confirmed active exploitation or public exploit code has been identified at time of analysis; however, the low attack complexity (CVSS AC:L, PR:N) makes this trivial to trigger wherever attacker-controlled archive input reaches a vulnerable node-tar instance.

Node.js Information Disclosure Node Tar
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-55408 HIGH PATCH This Week

Remote code execution in Koodo Reader (versions 2.3.0 and earlier) lets an attacker who supplies a malicious EPUB file run arbitrary OS commands with the victim's privileges once the book is imported and opened. The flaw combines a dangerously permissive Electron IPC handler (nodeIntegrationInSubFrames enabled) with unsanitized innerHTML rendering of chapter content, turning ebook display into a Node.js code-execution primitive. No public exploit has been identified at time of analysis; the issue is fixed in version 2.3.1 and is not listed in CISA KEV.

Code Injection Node.js RCE Koodo Reader
NVD GitHub
CVSS 4.0
8.4
EPSS
0.2%
CVE-2026-14631 MEDIUM PATCH This Month

webpack-dev-server 5.2.5 and earlier crash the entire Node.js host process when an unauthenticated remote peer sends either an HTTP request with a malformed Host header or a WebSocket upgrade to the /ws endpoint with a malformed Origin header. The malformed value bypasses graceful error handling in the host-validation path, triggering an uncaught exception that terminates the dev server process entirely. Impact is confined to availability - no confidentiality loss and no code execution occur despite a misleading 'RCE' tag in the source intelligence, which appears to be a mislabeling inconsistent with the vendor description and CVSS vector (C:N/I:N). No public exploit or CISA KEV listing exists at time of analysis.

Node.js RCE Webpack Dev Server Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-58578 HIGH POC PATCH This Week

Denial of service in LobeChat before 2.2.10-canary.15 lets an authenticated user hang the entire Node.js server by importing a GitHub-hosted skill whose repository URL path contains a catastrophic-backtracking regex pattern. Because the malicious basePath is compiled into a dynamic regular expression in findSkillMd and matched synchronously against archive entries, a single request blocks the shared event loop for tens of seconds, denying service to all concurrent users. Publicly available exploit code exists and a vendor patch is available, though there is no public exploit identified as being used in active exploitation.

Node.js Denial Of Service Lobehub
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-45045 Go MEDIUM PATCH GHSA This Month

IP header spoofing in GoFiber's BalancerForward proxy middleware allows any remote unauthenticated attacker to inject a forged X-Real-IP header that upstream servers treat as authoritative. The middleware calls Header.Add() rather than Header.Set() when stamping the real client IP, causing the attacker-supplied value to remain as the first header instance - the one read by nginx, Express, Apache, and most HTTP servers for rate limiting, IP-based ACLs, and audit logging. No public exploit has been identified at time of analysis, but exploitation requires only the ability to set an arbitrary HTTP header, making this trivially accessible to any network attacker targeting deployments using the BalancerForward helper.

Authentication Bypass Nginx Node.js Apache
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2026-50143 npm HIGH POC PATCH GHSA This Week

Apify API token exfiltration in @apify/actors-mcp-server 0.10.7 lets a remote attacker steal a victim's bearer credential via URL authority injection (CWE-918/SSRF). Because getActorMCPServerURL() naively concatenates a trusted standby base URL with an attacker-controlled webServerMcpPath from an Actor definition, an Actor published with a value like '@attacker.example/mcp' causes the WHATWG URL parser to resolve the outbound connection to the attacker's host, and connectMCPClient() unconditionally forwards the victim's 'Authorization: Bearer <APIFY_TOKEN>' header there. Publicly available exploit code exists (a Docker-based PoC that captures the token on an attacker HTTPS server); no active exploitation is confirmed.

Python SSRF OpenSSL Node.js Docker +1
NVD GitHub
CVSS 3.1
8.1
CVE-2026-48819 npm MEDIUM PATCH GHSA This Month

Prototype pollution in @hey-api/openapi-ts affects all versions through 0.97.2, allowing remote unauthenticated attackers to substitute the prototype chain of the returned params slot object by passing a crafted key such as '$query___proto__' through any application that forwards user-supplied parameters to a generated SDK method. The flaw resides in a runtime template (dist/clients/core/params.ts) that is copied verbatim into every generated SDK, meaning every downstream npm package regenerated from this tool carries the vulnerable code - confirmed affected consumers include @opencode-ai/sdk and @trigger.dev/sdk. A functional proof-of-concept is publicly available; exploitation is not confirmed as actively exploited and is absent from CISA KEV.

Node.js Docker Code Injection Prototype Pollution
NVD GitHub
CVSS 3.1
4.8
CVE-2026-49857 npm HIGH POC PATCH GHSA This Week

Server-Side Request Forgery in auth-fetch-mcp v3.0.1 lets an attacker who controls the url argument of the auth_fetch or download_media MCP tools reach loopback and private-range services that the built-in assertSafeUrl() guard is supposed to block. The bypass works by encoding the target as an IPv4-mapped IPv6 literal (e.g. http://[::ffff:127.0.0.1]:PORT/), which Node's WHATWG URL parser normalizes to ::ffff:7f00:1 so the private-IP check falls through. A detailed, reproduced proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no vendor-released patch identified at time of analysis. CVSS 3.1 is 7.4 (High); EPSS was not provided.

Node.js SSRF Docker Google
NVD GitHub
CVSS 3.1
7.4
CVE-2026-49856 npm MEDIUM PATCH GHSA This Month

SSRF policy bypass in jshookmcp 0.3.1 allows an authenticated MCP client with network domain access to probe internal RFC 1918 and reserved addresses that are explicitly blocked by all other network tools on the same server. The `network_icmp_probe` and `network_traceroute` handlers call `resolveHostname` directly without invoking the central `resolveAuthorizedTransportTarget` guard, creating an inconsistent enforcement boundary. No CISA KEV listing exists, but proof-of-concept test code demonstrating the bypass via the `handleCallTool` dispatch path is included in the GitHub advisory (GHSA-c5r6-m4mr-8q5j), confirming exploitability without external traffic.

SSRF Microsoft Node.js RCE Oracle
NVD GitHub
CVSS 3.1
4.3
CVE-2026-14181 HIGH PATCH This Week

Denial of service in @fastify/middie 9.1.0 through 9.3.2 lets remote unauthenticated attackers crash the Node.js process by sending request paths with malformed percent-encoded sequences. The standalone engine's URL normalization step fails to catch a synchronous decoder exception, terminating the process and taking down all connected clients until manual restart. Only applications that invoke middie.run directly on the standalone engine API are affected; there is no public exploit identified at time of analysis, and no EPSS or KEV data was provided.

Node.js Denial Of Service Fastify Middie
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-48801 npm HIGH POC PATCH GHSA This Week

Denial of service in linkify-it (npm) through v5.0.0 lets remote unauthenticated attackers wedge a rendering worker by submitting tens of KB of repeated email/link-like text. The core public API LinkifyIt.prototype.match runs an O(N²) scan loop that re-slices the input and re-runs unanchored fuzzy regex searches once per match, so 64 KB of "a@b.com" burns ~2.5 s of single-threaded CPU and 128 KB ~10 s. The flaw is inherited by markdown-it (~21.6M weekly npm downloads) whenever linkify:true is set, exposing forums, chat, wikis and AI chat UIs; publicly available exploit code (a PoC in the GHSA advisory) exists, but there is no evidence of active exploitation.

Apple Node.js Mattermost Denial Of Service Gitlab
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-48758 npm MEDIUM PATCH GHSA This Month

Signature type-binding bypass in @sigstore/core (npm) allows an attacker who controls the `payloadType` field of a DSSE envelope to substitute every ASCII character with a Unicode variant whose low byte matches, producing PAE bytes identical to a legitimate signature and causing verification to pass for a mismatched content type. All versions up to and including 3.2.0 are affected; a working proof-of-concept is included in the GitHub security advisory GHSA-jfc7-64v2-mr8c. The vulnerability is not confirmed in the CISA KEV catalog, but exploit code is publicly available, making exploitation straightforward for any attacker positioned to craft or relay DSSE envelopes.

Node.js Jwt Attack Information Disclosure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-50017 npm MEDIUM PATCH GHSA This Month

Credential leakage in pnpm package manager versions prior to 10.34.0 and 11.4.0 exposes a developer's unscoped npm authentication token to attacker-controlled registries. When a project-level .npmrc overrides the registry URL without supplying its own auth token, pnpm incorrectly inherits and forwards the user's globally-configured unscoped _authToken to that foreign registry as an Authorization header. No public exploit has been identified at time of analysis, though the real-world impact is severe - a captured npm token can enable supply chain attacks via malicious package publishing.

Node.js Information Disclosure Pnpm
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-50021 npm HIGH POC PATCH GHSA This Week

Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered packages install silently because the tarball extraction worker skips hash verification whenever the lockfile resolution has no `integrity` field. An attacker who can both edit `pnpm-lock.yaml` to drop the `integrity:` line and cause the referenced registry URL to serve altered content can push a malicious package through `pnpm install --frozen-lockfile` without any integrity error - a fail-open gap that npm's `npm ci` does not share. Publicly available exploit code exists; EPSS is low (0.12%, 2nd percentile) and the issue is not in CISA KEV.

Node.js Information Disclosure Pnpm
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-55413 CRITICAL PATCH Act Now

Stored code injection in ToolJet self-hosted (prior to 3.20.178-lts) lets any authenticated builder-role user - available on the free tier - overwrite a globally-shared marketplace plugin with arbitrary JavaScript that runs server-side with full Node.js capabilities (require, process). Because the poisoned plugin executes whenever any user on the instance runs a query that uses it, a single low-privileged account achieves remote code execution and an instance-wide supply-chain compromise. The flaw carries a CVSS 4.0 score of 9.4; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Node.js RCE Tooljet
NVD GitHub
CVSS 4.0
9.4
EPSS
0.3%
CVE-2026-13311 HIGH This Week

Denial of service in the shell-quote Node.js library (versions prior to 1.8.5) lets remote attackers stall the single-threaded event loop by passing an attacker-controlled string into any code path that calls parse(). The flaw is purely algorithmic - parse() builds its token list with Array.prototype.concat as a reduce accumulator, giving O(n^2) behavior so even a small payload of plain space-separated words causes disproportionate CPU consumption. There is no public exploit identified at time of analysis and no KEV listing; impact is to availability only with no code execution or data disclosure despite the misleading 'RCE' source tag.

Node.js Denial Of Service RCE Shell Quote Red Hat +1
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-53943 npm CRITICAL PATCH GHSA Act Now

Web cache poisoning in the Ghost Node.js CMS before 6.37.0 lets an unauthenticated attacker inject an x-ghost-preview header that alters the rendered frontend response, which a shared caching layer then stores and serves to other visitors of the same page. When Ghost's public frontend and admin panel share a single domain, this request-specific preview output can be weaponized to hijack staff accounts; separate-domain deployments are not exposed. No public exploit is identified at time of analysis, and the issue carries a vendor CVSS of 9.6.

Node.js Information Disclosure Ghost
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-53944 MEDIUM PATCH This Month

Server-side request forgery (SSRF) filter bypass in Ghost CMS 6.0.9 through 6.21.0 allows remote unauthenticated attackers to direct the application to reach internal network services by supplying IPv6 literals that map to private IPv4 addresses, circumventing Ghost's outbound IP blocklist. The root cause is CWE-184 (Incomplete List of Disallowed Inputs): the filter validates against RFC 1918 private ranges but does not normalize IPv6-mapped IPv4 notation before comparison. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists; Ghost 6.21.1 resolves the issue.

Node.js Authentication Bypass Ghost
NVD GitHub
CVSS 3.1
5.8
EPSS
0.2%
CVE-2026-53945 MEDIUM PATCH This Month

DNS rebinding bypasses Ghost CMS's private-IP validation for outbound HTTP requests, enabling server-side request forgery (SSRF) against internal network resources. Versions 6.0.9 through 6.21.0 are affected; the root cause is a TOCTOU race (CWE-367) between Ghost's allowlist check and the actual TCP connection, which a DNS-rebinding attacker exploits by switching DNS records between check-time and connect-time. No public exploit code identified and not listed in CISA KEV, but the scope-changed CVSS rating (S:C) reflects that successful exploitation escapes Ghost's network boundary into adjacent internal infrastructure.

Node.js Authentication Bypass Ghost
NVD GitHub
CVSS 3.1
4.0
EPSS
0.1%
CVE-2026-53946 MEDIUM PATCH This Month

Server-side request forgery in Ghost CMS versions 6.19.4 through 6.21.1 allows authenticated staff users to pivot the Ghost server into making arbitrary outbound HTTP requests, including to internal network hosts and cloud instance metadata endpoints. The vulnerable code path is Ghost's post re-rendering pipeline, which fetches image dimensions from URLs stored in image cards without validating those URLs against a trusted host allowlist. No public exploit has been identified at time of analysis, and a vendor-released patch is available in 6.21.1.

Node.js SSRF Ghost
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-53947 MEDIUM PATCH This Month

Ghost CMS versions 5.18.0 through 6.21.1 expose registered member email addresses to unauthenticated enumeration via observable discrepancies in the members signin endpoint responses. Any Ghost site with the members feature active is affected, allowing an attacker to silently probe whether arbitrary email addresses belong to site subscribers. No public exploit or active exploitation (CISA KEV) has been identified; vendor patch is available in 6.21.1.

Node.js Information Disclosure Ghost
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-53948 MEDIUM PATCH This Month

Stored cross-site scripting in Ghost CMS (versions 6.19.4 through 6.21.0) is enabled by the Admin API file upload endpoint accepting and preserving attacker-supplied Content-Type headers without server-side validation. When Ghost is configured with S3 or GCS storage backends that serve uploaded files from the same origin as the site, an authenticated attacker can upload a file with a crafted Content-Type (e.g., text/html) that causes browsers to execute it as HTML or JavaScript, enabling stored XSS against visitors and staff. No public exploit code has been identified at time of analysis, and the vulnerability is fixed in Ghost 6.21.1.

Node.js XSS File Upload Ghost
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-53949 MEDIUM PATCH This Month

Filter validation bypass in Ghost CMS public API endpoints exposes private fields - including password hashes - to unauthenticated remote attackers via repeated brute-force probing. Instances running SQLite are most severely impacted: full password hashes are recoverable, enabling offline cracking. MySQL-backed instances leak structurally degraded hashes (case information lost), which the vendor assesses would render subsequent cracking attempts fruitless. No public exploit code exists and the vulnerability is not in CISA KEV at time of analysis, but the unauthenticated, network-accessible nature of the flaw lowers the bar for opportunistic discovery.

Node.js Information Disclosure Ghost
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-56269 npm MEDIUM PATCH This Month

Flowise versions 3.0.13 and earlier silently fall back to a hardcoded AES-256-CBC encryption key derived from the publicly known literal 'Secre$t' when TOKEN_HASH_SECRET is not configured, exposing the user and workspace IDs encoded in the 'meta' field of every JWT token issued by an unconfigured deployment. An authenticated user or network-positioned attacker who obtains any valid JWT can decrypt this metadata using the default key - now disclosed in the GHSA advisory and source code - and re-encrypt manipulated identifiers to probe downstream access controls. JWT signature validation is handled independently, so this does not constitute standalone token forgery, but identifier disclosure and metadata manipulation create a realistic stepping stone toward privilege escalation or unauthorized workspace access in multi-tenant deployments. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; vendor-released patch Flowise 3.1.0 is available.

Authentication Bypass Privilege Escalation Node.js Flowise
NVD GitHub
CVSS 4.0
4.3
EPSS
0.1%
CVE-2026-56762 npm MEDIUM PATCH This Month

Missing cookie name validation on the write path in Hono's setCookie(), serialize(), and serializeSigned() functions allows user-controlled input containing CRLF control characters to produce malformed Set-Cookie headers. Affected are all Hono npm releases before 4.12.12. In practice, modern runtimes including Node.js and Cloudflare Workers reject the malformed headers before they are transmitted, meaning confirmed impact is availability loss (runtime errors crashing the response) rather than header injection or response splitting - though theoretical risk exists on less-strict runtimes. No active exploitation is confirmed, and no public exploit code has been identified.

Code Injection Node.js Hono
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-50137 npm HIGH PATCH GHSA This Week

Unauthenticated S3 pre-signed URL minting in Budibase (npm @budibase/server before 3.39.0) lets anonymous attackers abuse the route POST /api/attachments/:datasourceId/url, which was registered with only a recaptcha middleware and no authorized() gate. An attacker who knows or enumerates a workspace id (app_...) and an S3 datasource id (ds_...) receives a 15-minute AWS SigV4 pre-signed PutObjectCommand URL minted on the victim's stored IAM credentials, and because the bucket is caller-controlled they can write to any bucket those credentials permit. Publicly available exploit code exists (a self-contained Node.js PoC is published in the advisory); this is not listed in CISA KEV and no EPSS score was provided.

Canonical Authentication Bypass Node.js
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-48170 npm CRITICAL PATCH GHSA Act Now

Prototype pollution in the npm package scim-patch (versions <= 0.9.0) allows authenticated SCIM provisioning clients to mutate Object.prototype process-wide by submitting a PATCH operation whose value object contains a key such as `__proto__.someProp` or `constructor.prototype.someProp`. Because the side effect persists for the lifetime of the Node process and leaks into every plain object, downstream code that checks flags like `req.user.isAdmin` against unpolluted plain objects can suffer privilege escalation, logic bypass, or denial of service. Publicly available exploit code exists (proof-of-concept in the GHSA advisory and now in the package's test suite); no public exploit identified as in-the-wild use at time of analysis.

Prototype Pollution Privilege Escalation Node.js
NVD GitHub
CVSS 3.1
9.1
CVE-2026-46672 npm MEDIUM PATCH GHSA This Month

CSV formula injection in @actual-app/cli versions prior to 26.6.0 allows an attacker who can write user-controlled strings into an Actual Budget database to execute arbitrary spreadsheet formulas when the victim exports data using the --format csv flag and opens the resulting file in Excel, LibreOffice Calc, or Google Sheets. The vulnerable `escapeCsv` helper in `packages/cli/src/output.ts` neutralizes only RFC 4180 delimiters and quotes but does not strip formula-trigger prefixes (=, +, -, @, tab, CR), meaning payloads in payee names, account names, categories, notes, or tags survive into the CSV output unchanged. A publicly available proof-of-concept is included in the GHSA-7gh7-258j-4mpq advisory; no CISA KEV listing exists at time of analysis.

Google RCE Microsoft Node.js
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2026-50178 HIGH PATCH This Week

Command injection via untrusted Markdown rendering in the Angular Language Service VS Code extension (versions prior to 21.2.4) allows attackers to execute arbitrary commands on a developer's host when the developer hovers over and clicks a crafted JSDoc tooltip. The client trusts all rendered Markdown (isTrusted: true) while the language server fails to sanitize JSDoc content, enabling embedded command: URIs to fire from malicious source files or npm dependencies. No public exploit identified at time of analysis, but the supply-chain reach via npm packages makes this a notable developer-workstation risk.

XSS Node.js Angular Angular Ng Template
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-49241 HIGH PATCH This Week

Arbitrary code execution in the Angular Language Service VS Code extension prior to 21.2.4 allows attackers to silently run code on a developer's machine simply by having them open a malicious repository in VS Code. The extension reads the typescript.tsdk and js/ts.tsdk.path workspace settings without checking Workspace Trust, then require()s a tsserverlibrary.js file from that attacker-controlled path. No public exploit identified at time of analysis, though the patch diff in PR #68857 clearly illustrates the exploit primitive.

XSS Node.js Angular
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-54074 npm HIGH PATCH GHSA This Week

Code injection in @tinacms/cli versions prior to 2.4.3 allows an attacker who controls a Forestry-style project to achieve remote code execution on a developer's workstation when the `tinacms init` Forestry migration runs and the developer subsequently executes `tinacms dev` or `tinacms build`. The `addVariablesToCode` helper unquotes any value matching the marker `__TINA_INTERNAL__:::(.*?):::` placed in a stringified collection JSON, and user-supplied `label`/`name` fields from `.forestry/**/*.yml` are inserted into that JSON without sanitisation, yielding a top-level IIFE in the generated `tina/templates.ts`. A detailed end-to-end PoC is published in the GHSA-4936-9hrh-qqpw advisory; no public exploit identified at time of analysis beyond the disclosure PoC, and the CVE is not in CISA KEV.

Node.js Microsoft Code Injection RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-55849 npm HIGH PATCH GHSA This Week

Command injection in the @cyclonedx/cyclonedx-npm SBOM generator (versions >= 2.1.0, < 5.0.0) lets an attacker who controls the value passed to the --workspace CLI option execute arbitrary OS commands when the npm_execpath environment variable is unset or empty. In that fallback path the tool spawns a subshell and interpolates the workspace value into a command string without escaping, so shell metacharacters break out of the intended context and run with the invoking user's privileges. No public exploit identified at time of analysis, though the vendor fix PR ships a proof-of-concept-style regression test; the issue is not listed in CISA KEV and no EPSS score was provided.

Privilege Escalation Command Injection Node.js
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2026-54051 npm CRITICAL PATCH GHSA Act Now

Command injection in the Network-AI npm package (network-ai < 5.9.1) lets any agent or caller granted a wildcard allowlist entry such as `git *`, `npm *`, or `node *` execute arbitrary shell commands as the orchestrator process. The flaw stems from `SandboxPolicy.isCommandAllowed` glob-matching the entire command string while `ShellExecutor` runs it through `/bin/sh -c`, so shell metacharacters like `;`, `|`, and `$(...)` smuggle additional commands past the sandbox. A working PoC is published in the GHSA advisory, though there is no public exploit identified at time of analysis in the wild and no CISA KEV listing.

RCE Command Injection Node.js
NVD GitHub
CVSS 3.1
9.9
CVE-2026-55591 npm MEDIUM PATCH GHSA This Month

Unauthenticated SSRF in signalk-server ≤2.27.0 allows remote attackers to force the server to make arbitrary HTTP/HTTPS requests to any destination, including RFC 1918 private ranges, loopback, and cloud metadata services at 169.254.169.254. On default installations where no admin user has been created, the security middleware is a no-op, meaning all three vulnerable endpoints are completely unauthenticated over the network. A detailed public PoC is included in the GitHub advisory demonstrating internal network scanning, AWS IAM credential theft via IMDSv1, and path-traversal-assisted targeted data exfiltration; no CISA KEV listing is present at time of analysis.

Microsoft Docker Kubernetes Node.js SSRF +2
NVD GitHub
CVSS 3.1
5.8
CVE-2026-48716 HIGH This Week

Arbitrary file write in HKUDS Nanobot's WhatsApp bridge (versions 0.1.5.post3 and prior) allows remote unauthenticated attackers to write attacker-controlled content to arbitrary filesystem locations by sending a WhatsApp document message with a path-traversal sequence in its fileName field. Because both the destination path and the file content are attacker-controlled, exploitation yields a write-anywhere primitive that can be escalated to remote code execution (e.g., by overwriting authorized_keys or shell startup files). No public exploit identified at time of analysis; a fix is planned for version 0.1.5.post4.

Path Traversal Node.js Nanobot
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2026-55603 npm HIGH PATCH GHSA This Week

Multipart form-data field injection in the npm package http-proxy-middleware (versions 3.0.4-3.0.6 and 4.0.0-4.1.0) lets remote attackers smuggle additional form parts past gateway-side validation by embedding CRLF sequences in body values, causing the proxy and backend to parse different field sets. The flaw lives in fixRequestBody's handlerFormDataBodyData helper, which concatenates user-controlled keys and values directly into the multipart wire format without neutralizing \r\n. Publicly available exploit code exists in the GHSA advisory, but no public exploit identified as actively used in the wild and no CISA KEV listing.

Authentication Bypass Node.js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-55886 npm MEDIUM PATCH GHSA This Month

Prototype pollution in the Jodit WYSIWYG editor npm package (versions < 4.12.26) allows mutation of Object.prototype via the public helper API Jodit.modules.Helpers.set(). When an application passes user-controlled or partially user-controlled key paths to this function, an attacker can inject arbitrary properties into the global Object.prototype, enabling logic bypass, denial of service, or secondary security issues throughout the entire JavaScript runtime. A proof-of-concept is publicly available in the GitHub advisory (GHSA-vpmm-x3fm-qr5c); no public exploit identified at time of analysis beyond this PoC, and no CISA KEV listing exists.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-48814 npm CRITICAL POC PATCH GHSA Act Now

Authentication bypass in Network-AI versions 5.7.1 and earlier allows unauthenticated remote attackers to invoke all 22 MCP tools on the SSE server because the default secret is empty and `_isAuthorized()` returns true when no secret is configured. Despite the partial fix for CVE-2026-46701 in 5.4.5 (which restricted CORS to localhost origins), any non-browser caller - curl, SSRF, or a service exposed via a 0.0.0.0 bind - can still call privileged operations like `config_set`, `agent_spawn`, `blackboard_write`, and token management with zero credentials. No public exploit identified at time of analysis, but the GHSA advisory includes annotated source-code locations that effectively serve as a roadmap for exploitation.

SSRF Authentication Bypass Node.js Network Ai
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-28737 Go HIGH PATCH GHSA This Week

Stored cross-site scripting in Gitea 1.25.x affects the built-in 3D file viewer (Online3DViewer integration) where a crafted .gltf file with an unsupported extension name in extensionsRequired is rendered into the DOM via innerHTML without sanitization. Any low-privileged user who can push a file to a repository (including a public fork) can compromise the session of any user who later views the file, enabling token theft and full account takeover. Publicly available exploit code exists (a working PoC is included in the GHSA-9cpj-qc93-vw8v advisory); no public exploit identified at time of analysis in CISA KEV.

Gitea CSRF XSS Node.js
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2026-54324 Go MEDIUM PATCH GHSA This Month

Cross-tenant confidentiality breach in Daytona's notification WebSocket gateway (versions 0.101.0 through 0.184.0) allows any JWT-authenticated user to passively receive realtime event data belonging to a different organization by supplying an arbitrary organization UUID during the WebSocket handshake. The gateway's JWT authentication flow accepted the client-supplied organizationId and joined the corresponding notification room without verifying organizational membership, exposing sandbox, snapshot, volume, and runner events across tenant boundaries. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, but the attack is mechanically trivial for any authenticated user who can obtain a target organization's UUID.

Authentication Bypass Node.js
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-54328 npm HIGH PATCH GHSA This Week

Local privilege escalation in the Pi coding agent (npm packages @earendil-works/pi-coding-agent 0.74.0-0.78.0 and @mariozechner/pi-coding-agent 0.50.0-0.73.1) allows a co-resident attacker on a shared Linux host to pre-stage attacker-controlled extension code in a predictable `os.tmpdir()/pi-extensions` path that pi later loads as the victim user. No public exploit identified at time of analysis, but the issue was reported by CrowdStrike researchers and patched in 0.78.1 of the renamed package. Affects shared dev boxes, CI runners, and HPC login nodes; Windows/macOS default per-user temp directories typically avoid exposure.

Microsoft Apple Crowdstrike Privilege Escalation RCE +2
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-49406 Cargo MEDIUM PATCH GHSA This Month

BYONM module resolution in Deno (≤ 2.7.11) allows path traversal via crafted `package.json` `main` fields, bypassing the `--allow-read` permission sandbox that is central to Deno's security model. A malicious npm package installed under a BYONM `node_modules` tree can cause `require()` to read and return the parsed contents of arbitrary JSON files outside the directory scope granted by `--allow-read`, while a direct `Deno.readTextFileSync()` call to the same path would be correctly blocked. No active exploitation is confirmed (not in CISA KEV), but a self-contained proof-of-concept was supplied by the reporter and is documented in the GitHub Security Advisory; real-world risk is meaningful in supply-chain scenarios where Deno's permission model is the primary isolation boundary.

Path Traversal Node.js
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-49411 Cargo MEDIUM PATCH GHSA This Month

Deno's Node.js compatibility TCP path (node:net.connect / node:http.request options form) fails to re-check network permissions against the resolved IP address, allowing numeric IPv4 aliases (e.g., decimal integer '2130706433' or hex '0x7f000001' for 127.0.0.1) to bypass --deny-net rules in Deno versions up to and including 2.7.14. Any code executing inside the Deno process - including supply-chain-compromised dependencies or attacker-controlled input - can reach explicitly denied destinations such as loopback services, private ranges, or cloud instance metadata endpoints by exploiting this pre-resolution-only permission check. No public exploit identified at time of analysis via CISA KEV, but publicly available exploit code exists (proof-of-concept published in GHSA-v8fw-85r8-5m23); fix is available in Deno 2.8.0.

Authentication Bypass Node.js
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-49440 Cargo HIGH PATCH GHSA This Week

Cryptographic primality validation in Deno's Node.js compatibility layer (versions <= 2.8.0) silently skips Miller-Rabin testing when `crypto.checkPrime`/`checkPrimeSync` is called with default options, causing crafted composites whose smallest prime factor exceeds 17,863 (e.g. 17,881 × 17,891) to be reported as prime. Remote attackers who control bignums fed into a victim Deno application can therefore smuggle composite values past validation, with no public exploit identified at time of analysis beyond the vendor-published reproducer.

Information Disclosure Microsoft OpenSSL Node.js
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-53864 npm HIGH PATCH GHSA This Week

Environment variable sanitization weakness in OpenClaw prior to 2026.5.26 lets attackers smuggle Node.js control variables (such as NODE_OPTIONS) past the host environment sanitizer, enabling them to influence child-process behavior and coverage output paths. Affected attackers must have write access to workspace .env files, tool environment overrides, or skill environment blocks, and no public exploit is identified at time of analysis. The flaw was reported by VulnCheck and is tracked under CWE-184 (Incomplete List of Disallowed Inputs).

Authentication Bypass Node.js Openclaw
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-54300 npm MEDIUM PATCH GHSA This Month

Regex translation in the @astrojs/netlify adapter broadens Astro's image.remotePatterns beyond the intended allowlist when building for Netlify deployment, enabling unauthorized image fetches from apex hosts and deeper URL paths. Versions of @astrojs/netlify prior to 7.0.13 (confirmed vulnerable at 7.0.10) generate Netlify Image CDN regex patterns that make wildcard subdomains optional and omit end-anchoring on pathname segments, causing the Netlify CDN to accept URLs that Astro's canonical matcher would reject. Unauthenticated public requesters can exploit this to cause the Netlify Image CDN to fetch image-like resources from hosts or paths outside the developer's intended scope, constituting a partial SSRF bypass against the image proxy allowlist. No active exploitation has been confirmed in CISA KEV, but a detailed reproduction is included in the GHSA advisory.

Canonical Node.js SSRF
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-50146 npm MEDIUM PATCH GHSA This Month

Reflected cross-site scripting in Astro framework (versions prior to 6.3.3) allows remote attackers to inject arbitrary HTML and execute JavaScript in victim browsers when an SSR-rendered page passes user-controlled input as a slot name to a component using a client:* directive. The flaw lives in the server renderer, which interpolates the slot name into a data-astro-template attribute without HTML escaping, enabling attribute-context breakout. No public exploit identified at time of analysis beyond the reporter's PoC in the GHSA advisory, and the issue is not listed in CISA KEV.

XSS Node.js
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-48714 npm CRITICAL PATCH GHSA Act Now

Remote prototype pollution in i18next-http-middleware before 3.9.7 allows unauthenticated attackers to write to Object.prototype by submitting dotted request-body keys such as '__proto__.polluted' to the missingKeyHandler. The 3.9.3 denylist blocked only literal unsafe keys; downstream backends (notably i18next-fs-backend ≤ 2.6.5) that split missing-key strings on the configured keySeparator then walked these segments into an unguarded setPath(). No public exploit identified at time of analysis, but PoC payloads are embedded in the upstream security test suite.

Prototype Pollution Node.js Denial Of Service I18Next Http Middleware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-54285 npm MEDIUM PATCH GHSA This Month

Unbounded memory allocation in @opentelemetry/core affects the W3CBaggagePropagator.extract() method, which fails to enforce W3C Baggage specification size limits (8,192 bytes, 180 entries) on the inbound parsing path - only the outbound inject() path was protected. Unauthenticated remote attackers can exploit this to cause partial availability degradation by sending oversized baggage headers, with elevated risk in non-HTTP transport contexts (messaging systems, custom TextMapGetter implementations) where Node.js's native 16 KB header cap does not apply. No public exploit code or CISA KEV listing exists; the CVSS 5.3 Medium score reflects the real-world constraint imposed by Node.js defaults on the dominant HTTP deployment pattern.

Node.js Java Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-54257 npm CRITICAL PATCH GHSA Act Now

Heap buffer under/overflow in Electron's Node.js Buffer API (versions 42.3.1 through 42.3.2) causes most apps to crash and may lead to incorrect buffer allocations resulting in unexpected truncation or memory corruption. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 reflects network-reachable, unauthenticated memory corruption with high impact to confidentiality, integrity, and availability. Affects any Electron-based desktop application shipping the vulnerable runtime.

Node.js Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-53633 npm CRITICAL PATCH GHSA Act Now

Remote code execution in Vitest Browser Mode (npm @vitest/browser 3.0.0-3.2.4, 4.0.0-4.1.7, 5.0.0-beta.0-5.0.0-beta.3) allows remote attackers to overwrite the project's vite.config.ts and execute arbitrary Node.js code on the host when the browser API server is bound to a network-reachable interface (e.g. --browser.api.host=0.0.0.0). The flaw stems from the cdp() API forwarding raw Chrome DevTools Protocol calls over the browser WebSocket RPC without honoring the allowWrite/allowExec gates that normally restrict Browser Mode. Publicly available exploit code exists in the GHSA-g8mr-85jm-7xhm advisory's step-by-step reproduction, though no CISA KEV listing has been issued.

Google Code Injection Node.js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-53655 npm MEDIUM PATCH GHSA This Month

Tar parser interpretation differential in node-tar (npm `tar` package) <= 7.5.15 allows a crafted archive to present a different member list to node-tar than to GNU tar, libarchive, or Python tarfile, enabling security scanner evasion in pipelines that scan with one tool and extract with another. The flaw stems from node-tar incorrectly applying a PAX extended header's `size=` override to intermediary GNU long-name (`L`) and long-link (`K`) metadata headers, desynchronizing the stream cursor and causing node-tar to raise a checksum error and report zero members while reference parsers correctly extract files. A detailed, working proof-of-concept (Python stdlib only) is included in the advisory; no active exploitation (CISA KEV) has been confirmed at time of analysis, but the broad npm ecosystem blast radius - node-tar backs npm's own tarball handling - materially elevates real-world risk.

Python Information Disclosure Node.js Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-53632 npm MEDIUM PATCH GHSA This Month

NTLMv2 hash disclosure in the `launch-editor` NPM package (v2.14.0 and earlier) exposes developer credentials on Windows systems when an attacker-controlled UNC path is passed to the package's file-opening HTTP middleware. The attack is achievable by tricking a developer running a local development server such as Vite into visiting an attacker-controlled webpage that issues a cross-origin request to the local `__open-in-editor` endpoint with a crafted `\\attacker-host\share` UNC path, whereupon Windows automatically initiates NTLM authentication without any user prompt, transmitting the victim's NTLMv2 hash to the attacker's SMB server. Publicly available exploit code confirmed via the advisory PoC using Impacket smbserver.py and Responder lowers the barrier significantly; no active exploitation has been confirmed via CISA KEV at time of analysis.

RCE Microsoft Node.js
NVD GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-53571 npm HIGH POC PATCH GHSA This Week

Arbitrary file disclosure in Vite's development server on Windows allows remote unauthenticated attackers to read sensitive files (such as `.env`, `*.pem`, `*.crt`) that are nominally protected by the `server.fs.deny` allowlist. The flaw stems from Windows-specific path-form quirks (NTFS Alternate Data Stream syntax `::$DATA` and 8.3 short filename aliases) that bypass deny-list normalization, and publicly available exploit code exists in the GHSA advisory. Only dev servers explicitly exposed to the network via `--host`/`server.host` are reachable.

Path Traversal Microsoft Node.js
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.4%
CVE-2026-53550 npm MEDIUM PATCH GHSA This Month

Quadratic CPU exhaustion in js-yaml (npm) versions 4.1.1 and earlier allows unauthenticated remote attackers to block a Node.js event loop for multiple seconds using a crafted YAML payload under 100 KB, resulting in denial of service. The flaw lies in the merge-key parser's failure to deduplicate repeated alias references before invoking per-key processing, producing O(K×M) work from O(K+M) input. A detailed proof-of-concept with reproducible timing benchmarks is publicly available via GitHub Security Advisory GHSA-h67p-54hq-rp68; no active exploitation is confirmed in CISA KEV at time of analysis.

Denial Of Service Apple Node.js
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-50171 npm HIGH PATCH GHSA This Week

Denial of service in Angular's @angular/common package allows attackers to exhaust CPU and memory by passing crafted digitsInfo strings (e.g., '1.200000000-200000000') to formatNumber, DecimalPipe, PercentPipe, or CurrencyPipe. On SSR deployments this crashes the Node.js process with a heap-out-of-memory error, while client-side rendering freezes the browser tab. No public exploit identified at time of analysis, though the patched code and triggering input strings are documented in PR #68840.

Node.js Google Denial Of Service
NVD GitHub HeroDevs VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-44311 npm MEDIUM PATCH GHSA This Month

Cross-site scripting in Fabric.js (npm: fabric) versions prior to 7.4.0 is triggered when applications export canvas content via `canvas.toSVG()` and render the result into the DOM using `innerHTML`. The `color` field within `colorStops` of a `fabric.Gradient` object is inserted into SVG `<stop>` elements without escaping `"`, `<`, or `>`, allowing crafted input to break attribute context and inject arbitrary HTML. A working proof-of-concept is publicly confirmed against v7.2.0; no active exploitation appears in CISA KEV, and the EPSS score of 0.04% reflects low observed exploitation breadth consistent with the chained conditions required.

XSS Information Disclosure Node.js
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-53609 CRITICAL Act Now

Prototype pollution in ApostropheCMS versions up to and including 4.30.0 allows an authenticated editor to poison Object.prototype via the $pullAll patch operator, ultimately bypassing authorization on all piece-type REST API endpoints for unauthenticated requests until the Node.js process restarts. The flaw stems from apos.util.set() failing to sanitize __proto__ in dot-notation paths, and no public exploit identified at time of analysis but the advisory describes a confirmed exploitation gadget in publicApiCheck(). No vendor-released patch identified at time of analysis, making this an open-window risk for any internet-exposed editor account.

Prototype Pollution Authentication Bypass Node.js Apostrophe
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-53608 HIGH This Week

Stored cross-site scripting in the @apostrophecms/seo plugin (versions ≤1.4.2) allows any user holding the default editor role to inject arbitrary JavaScript that executes in every visitor's browser. The seoGoogleTrackingId and seoGoogleTagManager fields are interpolated directly into inline <script> tag bodies via template literals with no sanitization, turning legitimate analytics configuration into a persistent payload delivery channel. No public exploit identified at time of analysis, and no vendor-released patch identified at time of analysis.

Google XSS Node.js Apostrophecms Seo
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-53607 LOW Monitor

Server-Side Request Forgery in ApostropheCMS through version 4.30.0 allows unauthenticated remote attackers to pivot the Node.js application process into issuing outbound HTTP requests to arbitrary hosts on the internal network when the `prettyUrls` SEO feature is explicitly enabled on the `@apostrophecms/file` module. The attack exploits the raw `Host` HTTP request header, which the pretty-URL handler uses verbatim to construct and `fetch()` an upstream URL, streaming the full HTTP response - status code, headers, and body - back to the requester. Practical impact is constrained to blind SSRF (network-topology probing via response-code and timing oracles, and verbose proxy or WAF error-body disclosure) rather than arbitrary data exfiltration; no patch exists at time of publication and no public exploit has been identified.

Node.js SSRF Apostrophe
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-53606 MEDIUM PATCH This Month

Cross-site scripting in sanitize-html prior to 2.17.5 allows low-privileged attackers to inject executable `javascript:` URIs through HTML attributes that the library's scheme-blocking logic never inspects. The `naughtyHref()` function gates dangerous URI schemes only for attributes listed in `allowedSchemesAppliedToAttributes` (defaulting to `href`, `src`, and `cite`), leaving attributes such as `action`, `formaction`, `data`, `poster`, `background`, `ping`, `xlink:href`, `dynsrc`, and `lowsrc` entirely unchecked. Applications that explicitly permit any of these attributes in their sanitize-html configuration are vulnerable; no public exploit code has been identified at time of analysis, and this CVE is not currently listed in CISA KEV.

XSS Node.js Sanitize Html
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-45014 MEDIUM This Month

Stored cross-site scripting in ApostropheCMS up to and including version 4.29.0 allows an attacker who controls a user account to inject malicious script into the draft version tooltip via an unsanitized display name field. Any editor or administrator who subsequently views that tooltip in the CMS backend will execute the attacker's payload in their browser, enabling session hijacking or unauthorized action execution. No public exploit has been identified at time of analysis and no patched version is available per the vendor advisory.

XSS Node.js Apostrophe
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-53726 npm MEDIUM PATCH GHSA This Month

Unauthenticated relation membership disclosure in Parse Server allows any client holding only standard public API credentials to read objects linked through a Relation field that is explicitly hidden by protectedFields, or linked to a parent object that is inaccessible under its ACL or class-level permissions. By supplying only a known or guessed owning object's objectId, a remote unauthenticated caller can enumerate all objects in a protected relation or use the $relatedTo operator as a membership oracle - confirming whether a specific child object is privately linked to a given parent. This directly undermines applications that use Parse Server's access control primitives to protect sensitive relationships such as private group memberships, block lists, or account-to-resource associations. No public exploit identified at time of analysis; vendor-released patches exist at versions 8.6.80 and 9.9.1-alpha.6.

Authentication Bypass Node.js Oracle Parse Server
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-53725 npm MEDIUM PATCH GHSA This Month

Parse Server 9.8.0-9.9.0 exposes raw MFA TOTP secrets and recovery codes through the /verifyPassword and /login endpoints when the _User class-level permission (CLP) is configured to deny get operations. An attacker with knowledge of a victim's username and password can call /verifyPassword without a session token or MFA token and receive the victim's plaintext TOTP secret and recovery codes in the response, completely defeating the second authentication factor. No public exploit has been identified at time of analysis; a patch exists in version 9.9.1-alpha.5, and the EPSS score of 0.04% (13th percentile) reflects limited opportunistic exploitation so far.

Information Disclosure Node.js Parse Server
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-53724 npm LOW PATCH GHSA Monitor

Stored XSS in Parse Server is achievable by authenticated users who bypass the file upload extension blocklist by appending a trailing dot to a blocked filename (e.g., `poc.svg.`), causing the extension parser to return an empty string and skip the block check. The attacker-supplied Content-Type is forwarded unchanged to cloud storage adapters (S3, GCS), which persist and serve the file under that active MIME type - enabling script execution in a victim's browser when the file URL is opened. No active exploitation is confirmed (not in CISA KEV, EPSS 0.05% at 15th percentile), but the attack mechanism is low-complexity and fully documented in the vendor's fix PRs. Patches are available in versions 8.6.79 and 9.9.1-alpha.4.

File Upload XSS Node.js Parse Server
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-50008 npm MEDIUM PATCH GHSA This Month

Parse Server's operator-configured route firewall (`routeAllowList`) is bypassed in versions 9.8.0 through 9.9.1-alpha.3 when external clients POST to the `/batch` endpoint with sub-requests targeting routes the operator intended to block. The Express middleware enforcing the allow-list runs only against the outer HTTP request URL; the `/batch` handler dispatches each embedded sub-request to the internal router without re-running that check. Inner authorization controls - Parse authentication, ACL, and CLP - remain in effect, bounding actual data exposure to whatever those controls permit, but the route-level security boundary is defeated entirely. No public exploit has been identified and EPSS is 0.08%, though operators relying on `routeAllowList` as a primary access-control layer are directly and materially affected.

Authentication Bypass Node.js Parse Server
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-48546 HIGH PATCH This Week

Sandbox escape leading to remote code execution affects KanaDojo (lingdojo/kana-dojo) before version 0.1.18, where the issue-auto-respond.yml GitHub Actions workflow passes the global require function into a Node.js vm.runInNewContext() sandbox. An attacker submitting a pull request that modifies messages.cjs can load arbitrary Node.js modules from within the sandbox and gain code execution on the Actions runner with access to AUTOMATION_PR_TOKEN. No public exploit identified at time of analysis, though the VulnCheck advisory documents the exploitation primitive in detail.

RCE Node.js Kana Dojo
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-49982 npm HIGH POC PATCH GHSA This Week

Path traversal in node-tmp 0.2.6 allows remote attackers to create files or directories outside the temp directory by supplying non-string `prefix`, `postfix`, or `template` values (arrays, Buffers, or objects) whose `includes('..')` check returns falsy but whose string coercion contains `../`. The 0.2.6 `_assertPath` guard checks only strings, so JSON body fields or `qs`-parsed bracket arrays such as `?prefix[]=..` bypass it and write at attacker-controlled paths with host-process privileges. No public exploit identified at time of analysis, but the bypass pattern is trivial and the library is widely used in Node.js applications.

Authentication Bypass Node.js Node Tmp Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-48054 npm HIGH PATCH GHSA This Week

Code injection in OpenZeppelin Contracts Wizard's `@openzeppelin/wizard` npm package (<=0.10.8) allows attacker-supplied strings passed through `opts.name` or `opts.uri` into the `zipHardhat`/`zipFoundry` helpers to break out of string literals inside generated Hardhat and Foundry test scaffolding, leading to arbitrary code execution on the developer's machine when `npm test` or `forge test` is run. No public exploit is identified at time of analysis, but a vendor advisory and patched commit are public via GitHub Security Advisory GHSA-4x76-22x2-rx8v.

Node.js Code Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-71329 HIGH POC PATCH Monitor

Denial of service in the image-size Node.js library through version 2.0.2 allows remote unauthenticated attackers to permanently hang the Node.js event loop by supplying a crafted JXL or HEIF image containing a box with a zero-valued size field. Publicly available exploit code exists and an upstream fix has been merged, making this a credible availability threat for any service that accepts user-supplied images and runs them through image-size. No active exploitation has been reported in CISA KEV at time of analysis.

Denial Of Service Node.js Image Size Red Hat Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-71330 HIGH POC PATCH This Week

Denial of service in the image-size Node.js library (versions up to and including 2.0.2) allows remote unauthenticated attackers to permanently stall the Node.js event loop by submitting a malformed ICNS image. The flaw stems from an infinite loop in the ICNS parser when an entry length field is zero, and publicly available exploit code exists per VulnCheck and an independent write-up; no public exploit identified at time of analysis indicates active exploitation, but the POC makes weaponization trivial.

Denial Of Service Node.js Image Size Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVSS 8.8
HIGH POC PATCH This Week

Missing authentication in @andrea9293/mcp-documentation-server v1.13.0 exposes its document-management Web UI/API on all network interfaces (0.0.0.0:3080) instead of localhost, letting any adjacent-network client read, add, search, and delete documents in the MCP knowledge base without credentials. Rated CVSS 8.8 (CWE-306), the flaw is exploitable by unauthenticated attackers reachable over the same LAN, VM network, Docker bridge, or VPN. A detailed proof-of-concept exists in the reporter's advisory, though there is no public exploit identified as being used in active attacks and it is not listed in CISA KEV; the vendor fixed it in v1.13.1.

Docker Authentication Bypass Node.js +1
NVD GitHub
HIGH POC PATCH This Week

OS command injection in the Node.js `systeminformation` library (npm, versions <= 5.31.6) lets a local actor run arbitrary commands with the privileges of any process that calls `networkInterfaces()` on Linux. While collecting DHCP state, `checkLinuxDCHPInterfaces()` reads Debian/Ubuntu `interfaces(5)` files and interpolates each `source <path>` token - read from file content - unquoted into a `cat ... | grep` string executed via `execSync()`/`/bin/sh`. Publicly available exploit code exists (a verbatim-sink PoC in the advisory); there is no CISA KEV listing and no CVSS score was assigned by the source, but a vendor patch (5.31.7) is available.

Debian Node.js Apple +3
NVD GitHub
CVSS 2.1
LOW PATCH Monitor

Path traversal in nvm versions 0.32.1 through 0.40.5 allows a hostile Node.js mirror to overwrite arbitrary files in the victim's home directory, including shell startup files, leading to code execution on the next shell session. The vulnerability exists in `nvm ls-remote`, `nvm install --lts`, and any other nvm command that refreshes remote LTS aliases by fetching and parsing a mirror's `index.tab` - the LTS codename field is used as an alias filename without sanitization, permitting sequences like `../../../.bashrc` to escape `$NVM_DIR/alias`. No public exploit identified at time of analysis, but a working proof-of-concept is embedded in the upstream test suite added in the fix commit.

Node.js Path Traversal RCE +1
NVD GitHub
CVSS 6.7
MEDIUM PATCH This Month

Command injection in NocoBase's @nocobase/plugin-backups prior to v2.1.19 allows an authenticated backup-management user to execute arbitrary OS commands as the NocoBase server process by restoring a crafted backup archive. The database.schema field from a backup's _metadata.json is interpolated directly into a shell command string passed to Node.js child_process.exec(), a classic CWE-78 pattern that bypasses any sanitization at the shell level. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, but the commit diff confirms the mechanism is straightforward and the fix is available in v2.1.19.

Node.js Command Injection PostgreSQL +1
NVD GitHub
CVSS 8.4
HIGH PATCH This Week

OS command injection in AWS jsii-diff before 1.131.0 lets a context-dependent attacker execute arbitrary shell commands when a victim runs the tool against an attacker-controlled 'npm:' source specifier. The npm package-loading component fails to sanitize the package specifier before passing it to a shell, so a crafted specifier is interpreted as a command. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; a vendor-released patch (v1.131.0) is available.

Node.js Command Injection
NVD GitHub
CVSS 8.6
HIGH POC PATCH This Week

Remote code execution in Cherry Studio 1.2.2 through 1.9.12 lets attackers who control search-provider content run arbitrary Node.js code because the SearchService loads that content into an Electron BrowserWindow with nodeIntegration enabled and contextIsolation disabled. An attacker controlling a search engine provider, search result page, or provider settings page can execute JavaScript with full Node.js privileges under the OS account running the app. Publicly available exploit code exists (VulnCheck/Mundi-Xu gist) and a vendor patch (commit 1518530) is available; the flaw is not currently listed in CISA KEV.

Node.js RCE Cherry Studio
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and perform repository operations on their behalf. The flaw stems from insufficient entropy (CWE-331) in format-specific API key realms, so an attacker who can predict or reconstruct a victim's key gains their access without credentials. The vendor (Sonatype) reported and patched the issue in release 3.93.0; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Docker Authentication Bypass Node.js +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Prototype pollution in svg.js (svgdotjs) up to version 3.2.5 allows a remote low-privileged attacker to inject arbitrary properties into JavaScript's shared Object.prototype via the EventTarget.on function of the npm package API. Depending on how consuming applications perform property lookups, this can lead to information disclosure, logic bypass, or integrity violations across the entire JavaScript runtime. No vendor patch exists - the maintainer has not responded to the responsible disclosure - and a proof-of-concept exists (CVSS E:P), though no confirmed active exploitation appears in CISA KEV.

Prototype Pollution Node.js Information Disclosure +1
NVD VulDB GitHub
EPSS 0% CVSS 8.3
HIGH This Week

Denial of service in HedgeDoc before 1.11.0 lets a user who can store a note crash the instance by embedding a YAML "alias bomb" in the note frontmatter. Because HedgeDoc parsed frontmatter with the unsafe js-yaml v3 load (via @hedgedoc/meta-marked) and resolved anchor aliases, a compact ten-level payload expands into a massive object that blocks the single Node.js event loop for roughly 235 seconds on every request to the publish view (/s/<shortid>) or, under the opengraph key, the editor view (/<noteId>). No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the stored payload persists in the database and re-triggers after process restarts, making outages durable until the note is deleted.

Node.js Denial Of Service Hedgedoc
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

Authorization bypass in the @openclaw/feishu npm package (versions <= 2026.6.6) allows a lower-trust caller - or attacker-influenced input reaching a configured input path - to perform Feishu (Lark) actions that should have required stronger authorization, because per-account disablement can be ignored. Authenticated remote attackers can trigger unauthorized operations affecting confidentiality and integrity; no public exploit has been identified at time of analysis, and the flaw is fixed in version 2026.6.9. Real-world impact is gated by the operator's configuration and whether untrusted input can reach the affected feature.

Authentication Bypass Node.js Feishu
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Ghost CMS versions 6.27.0 through 6.43.x permit unauthenticated attackers to manipulate donation checkout metadata, enabling acquisition of full paid gift memberships for a minimal payment. The flaw, classified as CWE-472 (External Control of Assumed-Immutable Web Parameter), stems from the server trusting client-controlled parameters in the public-facing checkout flow that should be server-authoritative. No active exploitation is confirmed (not in CISA KEV) and no public exploit has been identified; the vendor released a fix in version 6.44.0.

Node.js Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

LiveQuery in Parse Server leaks unauthorized object field values to authenticated subscribers when a single save operation simultaneously modifies a sensitive field and the subscriber's ACL read access, because leave and enter events are built from the wrong object state. Affected deployments run parse-server below 8.6.83 (stable branch) or below 9.9.1-alpha.13 (v9 alpha branch) with LiveQuery enabled. The CVSS 4.0 score of 2.3 and AT:P prerequisite correctly reflect that exploitation is constrained to a specific co-mutation timing condition; no public exploit identified and no KEV listing exists at time of analysis.

Node.js Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Parse Server (versions prior to 8.6.82 and 9.9.1-alpha.12) allows remote attackers to hang the Node.js event loop by submitting deeply nested $or, $and, or $nor query operators through the REST API or LiveQuery interface, triggering exponential-time processing in the internal query-traversal helper. Because the vulnerable code path is reachable without authentication and consumes CPU without bound, a single crafted request can render the backend unresponsive to all clients. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Node.js Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Remote denial of service in the JavaScript @libp2p/gossipsub module (all versions prior to 16.0.0) lets any connected peer stall a victim node by sending oversized IHAVE/IWANT control messages. Because defaultDecodeRpcLimits left maxIhaveMessageIDs and maxIwantMessageIDs set to Infinity, a single 4 MB RPC frame forces roughly 180,000 message IDs to be iterated synchronously, blocking the Node.js event loop and freezing the process. No public exploit identified at time of analysis; the flaw is remotely reachable without authentication against affected default configurations.

Node.js Denial Of Service
NVD GitHub VulDB
CVSS 3.1
LOW PATCH Monitor

Open redirect in waku's `unstable_redirect()` server-side router helper allows a network attacker to redirect victims' browsers to arbitrary external domains - including phishing sites for credential harvesting and OAuth token theft - by injecting a malicious `location` string into any waku route that passes user-controlled query parameters to the function. The vulnerability affects waku 1.0.0-beta.0 across all supported runtime adapters (Node.js, Cloudflare Workers, Vercel Edge, Deno), as the reflection path in `handler.ts` is shared. A dynamic proof-of-concept was confirmed by the reporter in two independent Docker-based runs against commit 8e9f542; no vendor-released patch is confirmed at time of analysis, though a v1.0.0-beta.1 release tag appears in advisory references.

Node.js Open Redirect Docker
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in OpenTelemetry JavaScript (@opentelemetry/propagator-jaeger) before 2.9.0 allows an unauthenticated remote attacker to crash a Node.js service by sending a malformed percent-encoded uber-trace-id or uberctx-* HTTP header. The JaegerPropagator passes header values to decodeURIComponent() without catching the resulting URIError, so the uncaught exception terminates the process. No public exploit identified at time of analysis, and this is not listed in CISA KEV; the fix is version 2.9.0.

Node.js Information Disclosure Opentelemetry Js
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in node-tar prior to 7.5.18 allows unauthenticated network-reachable attackers to crash Node.js processes by submitting crafted tar archives containing all-digit PAX header path or linkpath values. The library incorrectly coerces these string values to JavaScript numbers in src/pax.ts, causing downstream path handling (normalizeWindowsPath(entry.path).split('/')) to throw an uncaught TypeError when it attempts to call a string method on a numeric value. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Node.js Information Disclosure Node Tar
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in node-tar prior to 7.5.18 allows remote attackers to hang a Node.js application by feeding it a crafted tar archive: a checksum-valid header carrying a negative base-256 encoded entry size makes the tar.replace scanner advance zero bytes and re-parse the same header forever. No public exploit or active exploitation is identified at time of analysis, but the CVSS 4.0 base score of 8.7 reflects the high, easily-reachable availability impact. Only applications that call tar.replace on untrusted archive input are affected.

Node.js Denial Of Service Node Tar
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Uncontrolled resource consumption in node-tar before 7.5.19 lets a small crafted gzip bomb exhaust disk space and CPU on any Node.js application that extracts or parses attacker-supplied tar archives. Because node-tar imposes no upper bound on total decompressed size, entry count, or compression ratio in its extract and parse paths, a tiny malicious file can inflate to consume all available storage and processing, causing denial of service. No public exploit has been identified, but the fix is a straightforward, well-documented behavior change published in the vendor advisory GHSA-23hp-3jrh-7fpw.

Node.js Denial Of Service Node Tar
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Process termination via crafted tar archive affects node-tar prior to 7.5.17, where NUL bytes in PAX path and linkpath header records are not sanitized before being passed to Node.js filesystem calls. Any application using node-tar to extract untrusted archives is susceptible to denial of service through an uncaught exception that crashes the Node.js process. No confirmed active exploitation or public exploit code has been identified at time of analysis; however, the low attack complexity (CVSS AC:L, PR:N) makes this trivial to trigger wherever attacker-controlled archive input reaches a vulnerable node-tar instance.

Node.js Information Disclosure Node Tar
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Remote code execution in Koodo Reader (versions 2.3.0 and earlier) lets an attacker who supplies a malicious EPUB file run arbitrary OS commands with the victim's privileges once the book is imported and opened. The flaw combines a dangerously permissive Electron IPC handler (nodeIntegrationInSubFrames enabled) with unsanitized innerHTML rendering of chapter content, turning ebook display into a Node.js code-execution primitive. No public exploit has been identified at time of analysis; the issue is fixed in version 2.3.1 and is not listed in CISA KEV.

Code Injection Node.js RCE +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

webpack-dev-server 5.2.5 and earlier crash the entire Node.js host process when an unauthenticated remote peer sends either an HTTP request with a malformed Host header or a WebSocket upgrade to the /ws endpoint with a malformed Origin header. The malformed value bypasses graceful error handling in the host-validation path, triggering an uncaught exception that terminates the dev server process entirely. Impact is confined to availability - no confidentiality loss and no code execution occur despite a misleading 'RCE' tag in the source intelligence, which appears to be a mislabeling inconsistent with the vendor description and CVSS vector (C:N/I:N). No public exploit or CISA KEV listing exists at time of analysis.

Node.js RCE Webpack Dev Server +2
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Denial of service in LobeChat before 2.2.10-canary.15 lets an authenticated user hang the entire Node.js server by importing a GitHub-hosted skill whose repository URL path contains a catastrophic-backtracking regex pattern. Because the malicious basePath is compiled into a dynamic regular expression in findSkillMd and matched synchronously against archive entries, a single request blocks the shared event loop for tens of seconds, denying service to all concurrent users. Publicly available exploit code exists and a vendor patch is available, though there is no public exploit identified as being used in active exploitation.

Node.js Denial Of Service Lobehub
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IP header spoofing in GoFiber's BalancerForward proxy middleware allows any remote unauthenticated attacker to inject a forged X-Real-IP header that upstream servers treat as authoritative. The middleware calls Header.Add() rather than Header.Set() when stamping the real client IP, causing the attacker-supplied value to remain as the first header instance - the one read by nginx, Express, Apache, and most HTTP servers for rate limiting, IP-based ACLs, and audit logging. No public exploit has been identified at time of analysis, but exploitation requires only the ability to set an arbitrary HTTP header, making this trivially accessible to any network attacker targeting deployments using the BalancerForward helper.

Authentication Bypass Nginx Node.js +1
NVD GitHub VulDB
CVSS 8.1
HIGH POC PATCH This Week

Apify API token exfiltration in @apify/actors-mcp-server 0.10.7 lets a remote attacker steal a victim's bearer credential via URL authority injection (CWE-918/SSRF). Because getActorMCPServerURL() naively concatenates a trusted standby base URL with an attacker-controlled webServerMcpPath from an Actor definition, an Actor published with a value like '@attacker.example/mcp' causes the WHATWG URL parser to resolve the outbound connection to the attacker's host, and connectMCPClient() unconditionally forwards the victim's 'Authorization: Bearer <APIFY_TOKEN>' header there. Publicly available exploit code exists (a Docker-based PoC that captures the token on an attacker HTTPS server); no active exploitation is confirmed.

Python SSRF OpenSSL +3
NVD GitHub
CVSS 4.8
MEDIUM PATCH This Month

Prototype pollution in @hey-api/openapi-ts affects all versions through 0.97.2, allowing remote unauthenticated attackers to substitute the prototype chain of the returned params slot object by passing a crafted key such as '$query___proto__' through any application that forwards user-supplied parameters to a generated SDK method. The flaw resides in a runtime template (dist/clients/core/params.ts) that is copied verbatim into every generated SDK, meaning every downstream npm package regenerated from this tool carries the vulnerable code - confirmed affected consumers include @opencode-ai/sdk and @trigger.dev/sdk. A functional proof-of-concept is publicly available; exploitation is not confirmed as actively exploited and is absent from CISA KEV.

Node.js Docker Code Injection +1
NVD GitHub
CVSS 7.4
HIGH POC PATCH This Week

Server-Side Request Forgery in auth-fetch-mcp v3.0.1 lets an attacker who controls the url argument of the auth_fetch or download_media MCP tools reach loopback and private-range services that the built-in assertSafeUrl() guard is supposed to block. The bypass works by encoding the target as an IPv4-mapped IPv6 literal (e.g. http://[::ffff:127.0.0.1]:PORT/), which Node's WHATWG URL parser normalizes to ::ffff:7f00:1 so the private-IP check falls through. A detailed, reproduced proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no vendor-released patch identified at time of analysis. CVSS 3.1 is 7.4 (High); EPSS was not provided.

Node.js SSRF Docker +1
NVD GitHub
CVSS 4.3
MEDIUM PATCH This Month

SSRF policy bypass in jshookmcp 0.3.1 allows an authenticated MCP client with network domain access to probe internal RFC 1918 and reserved addresses that are explicitly blocked by all other network tools on the same server. The `network_icmp_probe` and `network_traceroute` handlers call `resolveHostname` directly without invoking the central `resolveAuthorizedTransportTarget` guard, creating an inconsistent enforcement boundary. No CISA KEV listing exists, but proof-of-concept test code demonstrating the bypass via the `handleCallTool` dispatch path is included in the GitHub advisory (GHSA-c5r6-m4mr-8q5j), confirming exploitability without external traffic.

SSRF Microsoft Node.js +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in @fastify/middie 9.1.0 through 9.3.2 lets remote unauthenticated attackers crash the Node.js process by sending request paths with malformed percent-encoded sequences. The standalone engine's URL normalization step fails to catch a synchronous decoder exception, terminating the process and taking down all connected clients until manual restart. Only applications that invoke middie.run directly on the standalone engine API are affected; there is no public exploit identified at time of analysis, and no EPSS or KEV data was provided.

Node.js Denial Of Service Fastify Middie
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Denial of service in linkify-it (npm) through v5.0.0 lets remote unauthenticated attackers wedge a rendering worker by submitting tens of KB of repeated email/link-like text. The core public API LinkifyIt.prototype.match runs an O(N²) scan loop that re-slices the input and re-runs unanchored fuzzy regex searches once per match, so 64 KB of "a@b.com" burns ~2.5 s of single-threaded CPU and 128 KB ~10 s. The flaw is inherited by markdown-it (~21.6M weekly npm downloads) whenever linkify:true is set, exposing forums, chat, wikis and AI chat UIs; publicly available exploit code (a PoC in the GHSA advisory) exists, but there is no evidence of active exploitation.

Apple Node.js Mattermost +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Signature type-binding bypass in @sigstore/core (npm) allows an attacker who controls the `payloadType` field of a DSSE envelope to substitute every ASCII character with a Unicode variant whose low byte matches, producing PAE bytes identical to a legitimate signature and causing verification to pass for a mismatched content type. All versions up to and including 3.2.0 are affected; a working proof-of-concept is included in the GitHub security advisory GHSA-jfc7-64v2-mr8c. The vulnerability is not confirmed in the CISA KEV catalog, but exploit code is publicly available, making exploitation straightforward for any attacker positioned to craft or relay DSSE envelopes.

Node.js Jwt Attack Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Credential leakage in pnpm package manager versions prior to 10.34.0 and 11.4.0 exposes a developer's unscoped npm authentication token to attacker-controlled registries. When a project-level .npmrc overrides the registry URL without supplying its own auth token, pnpm incorrectly inherits and forwards the user's globally-configured unscoped _authToken to that foreign registry as an Authorization header. No public exploit has been identified at time of analysis, though the real-world impact is severe - a captured npm token can enable supply chain attacks via malicious package publishing.

Node.js Information Disclosure Pnpm
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Integrity-check bypass in the pnpm package manager (versions before 10.34.0/10.34.1 and 11.0.0-11.3.x) lets tampered packages install silently because the tarball extraction worker skips hash verification whenever the lockfile resolution has no `integrity` field. An attacker who can both edit `pnpm-lock.yaml` to drop the `integrity:` line and cause the referenced registry URL to serve altered content can push a malicious package through `pnpm install --frozen-lockfile` without any integrity error - a fail-open gap that npm's `npm ci` does not share. Publicly available exploit code exists; EPSS is low (0.12%, 2nd percentile) and the issue is not in CISA KEV.

Node.js Information Disclosure Pnpm
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Stored code injection in ToolJet self-hosted (prior to 3.20.178-lts) lets any authenticated builder-role user - available on the free tier - overwrite a globally-shared marketplace plugin with arbitrary JavaScript that runs server-side with full Node.js capabilities (require, process). Because the poisoned plugin executes whenever any user on the instance runs a query that uses it, a single low-privileged account achieves remote code execution and an instance-wide supply-chain compromise. The flaw carries a CVSS 4.0 score of 9.4; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Node.js RCE +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Denial of service in the shell-quote Node.js library (versions prior to 1.8.5) lets remote attackers stall the single-threaded event loop by passing an attacker-controlled string into any code path that calls parse(). The flaw is purely algorithmic - parse() builds its token list with Array.prototype.concat as a reduce accumulator, giving O(n^2) behavior so even a small payload of plain space-separated words causes disproportionate CPU consumption. There is no public exploit identified at time of analysis and no KEV listing; impact is to availability only with no code execution or data disclosure despite the misleading 'RCE' source tag.

Node.js Denial Of Service RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Web cache poisoning in the Ghost Node.js CMS before 6.37.0 lets an unauthenticated attacker inject an x-ghost-preview header that alters the rendered frontend response, which a shared caching layer then stores and serves to other visitors of the same page. When Ghost's public frontend and admin panel share a single domain, this request-specific preview output can be weaponized to hijack staff accounts; separate-domain deployments are not exposed. No public exploit is identified at time of analysis, and the issue carries a vendor CVSS of 9.6.

Node.js Information Disclosure Ghost
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Server-side request forgery (SSRF) filter bypass in Ghost CMS 6.0.9 through 6.21.0 allows remote unauthenticated attackers to direct the application to reach internal network services by supplying IPv6 literals that map to private IPv4 addresses, circumventing Ghost's outbound IP blocklist. The root cause is CWE-184 (Incomplete List of Disallowed Inputs): the filter validates against RFC 1918 private ranges but does not normalize IPv6-mapped IPv4 notation before comparison. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists; Ghost 6.21.1 resolves the issue.

Node.js Authentication Bypass Ghost
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

DNS rebinding bypasses Ghost CMS's private-IP validation for outbound HTTP requests, enabling server-side request forgery (SSRF) against internal network resources. Versions 6.0.9 through 6.21.0 are affected; the root cause is a TOCTOU race (CWE-367) between Ghost's allowlist check and the actual TCP connection, which a DNS-rebinding attacker exploits by switching DNS records between check-time and connect-time. No public exploit code identified and not listed in CISA KEV, but the scope-changed CVSS rating (S:C) reflects that successful exploitation escapes Ghost's network boundary into adjacent internal infrastructure.

Node.js Authentication Bypass Ghost
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Server-side request forgery in Ghost CMS versions 6.19.4 through 6.21.1 allows authenticated staff users to pivot the Ghost server into making arbitrary outbound HTTP requests, including to internal network hosts and cloud instance metadata endpoints. The vulnerable code path is Ghost's post re-rendering pipeline, which fetches image dimensions from URLs stored in image cards without validating those URLs against a trusted host allowlist. No public exploit has been identified at time of analysis, and a vendor-released patch is available in 6.21.1.

Node.js SSRF Ghost
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Ghost CMS versions 5.18.0 through 6.21.1 expose registered member email addresses to unauthenticated enumeration via observable discrepancies in the members signin endpoint responses. Any Ghost site with the members feature active is affected, allowing an attacker to silently probe whether arbitrary email addresses belong to site subscribers. No public exploit or active exploitation (CISA KEV) has been identified; vendor patch is available in 6.21.1.

Node.js Information Disclosure Ghost
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting in Ghost CMS (versions 6.19.4 through 6.21.0) is enabled by the Admin API file upload endpoint accepting and preserving attacker-supplied Content-Type headers without server-side validation. When Ghost is configured with S3 or GCS storage backends that serve uploaded files from the same origin as the site, an authenticated attacker can upload a file with a crafted Content-Type (e.g., text/html) that causes browsers to execute it as HTML or JavaScript, enabling stored XSS against visitors and staff. No public exploit code has been identified at time of analysis, and the vulnerability is fixed in Ghost 6.21.1.

Node.js XSS File Upload +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Filter validation bypass in Ghost CMS public API endpoints exposes private fields - including password hashes - to unauthenticated remote attackers via repeated brute-force probing. Instances running SQLite are most severely impacted: full password hashes are recoverable, enabling offline cracking. MySQL-backed instances leak structurally degraded hashes (case information lost), which the vendor assesses would render subsequent cracking attempts fruitless. No public exploit code exists and the vulnerability is not in CISA KEV at time of analysis, but the unauthenticated, network-accessible nature of the flaw lowers the bar for opportunistic discovery.

Node.js Information Disclosure Ghost
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Flowise versions 3.0.13 and earlier silently fall back to a hardcoded AES-256-CBC encryption key derived from the publicly known literal 'Secre$t' when TOKEN_HASH_SECRET is not configured, exposing the user and workspace IDs encoded in the 'meta' field of every JWT token issued by an unconfigured deployment. An authenticated user or network-positioned attacker who obtains any valid JWT can decrypt this metadata using the default key - now disclosed in the GHSA advisory and source code - and re-encrypt manipulated identifiers to probe downstream access controls. JWT signature validation is handled independently, so this does not constitute standalone token forgery, but identifier disclosure and metadata manipulation create a realistic stepping stone toward privilege escalation or unauthorized workspace access in multi-tenant deployments. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; vendor-released patch Flowise 3.1.0 is available.

Authentication Bypass Privilege Escalation Node.js +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Missing cookie name validation on the write path in Hono's setCookie(), serialize(), and serializeSigned() functions allows user-controlled input containing CRLF control characters to produce malformed Set-Cookie headers. Affected are all Hono npm releases before 4.12.12. In practice, modern runtimes including Node.js and Cloudflare Workers reject the malformed headers before they are transmitted, meaning confirmed impact is availability loss (runtime errors crashing the response) rather than header injection or response splitting - though theoretical risk exists on less-strict runtimes. No active exploitation is confirmed, and no public exploit code has been identified.

Code Injection Node.js Hono
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Unauthenticated S3 pre-signed URL minting in Budibase (npm @budibase/server before 3.39.0) lets anonymous attackers abuse the route POST /api/attachments/:datasourceId/url, which was registered with only a recaptcha middleware and no authorized() gate. An attacker who knows or enumerates a workspace id (app_...) and an S3 datasource id (ds_...) receives a 15-minute AWS SigV4 pre-signed PutObjectCommand URL minted on the victim's stored IAM credentials, and because the bucket is caller-controlled they can write to any bucket those credentials permit. Publicly available exploit code exists (a self-contained Node.js PoC is published in the advisory); this is not listed in CISA KEV and no EPSS score was provided.

Canonical Authentication Bypass Node.js
NVD GitHub VulDB
CVSS 9.1
CRITICAL PATCH Act Now

Prototype pollution in the npm package scim-patch (versions <= 0.9.0) allows authenticated SCIM provisioning clients to mutate Object.prototype process-wide by submitting a PATCH operation whose value object contains a key such as `__proto__.someProp` or `constructor.prototype.someProp`. Because the side effect persists for the lifetime of the Node process and leaks into every plain object, downstream code that checks flags like `req.user.isAdmin` against unpolluted plain objects can suffer privilege escalation, logic bypass, or denial of service. Publicly available exploit code exists (proof-of-concept in the GHSA advisory and now in the package's test suite); no public exploit identified as in-the-wild use at time of analysis.

Prototype Pollution Privilege Escalation Node.js
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

CSV formula injection in @actual-app/cli versions prior to 26.6.0 allows an attacker who can write user-controlled strings into an Actual Budget database to execute arbitrary spreadsheet formulas when the victim exports data using the --format csv flag and opens the resulting file in Excel, LibreOffice Calc, or Google Sheets. The vulnerable `escapeCsv` helper in `packages/cli/src/output.ts` neutralizes only RFC 4180 delimiters and quotes but does not strip formula-trigger prefixes (=, +, -, @, tab, CR), meaning payloads in payee names, account names, categories, notes, or tags survive into the CSV output unchanged. A publicly available proof-of-concept is included in the GHSA-7gh7-258j-4mpq advisory; no CISA KEV listing exists at time of analysis.

Google RCE Microsoft +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Command injection via untrusted Markdown rendering in the Angular Language Service VS Code extension (versions prior to 21.2.4) allows attackers to execute arbitrary commands on a developer's host when the developer hovers over and clicks a crafted JSDoc tooltip. The client trusts all rendered Markdown (isTrusted: true) while the language server fails to sanitize JSDoc content, enabling embedded command: URIs to fire from malicious source files or npm dependencies. No public exploit identified at time of analysis, but the supply-chain reach via npm packages makes this a notable developer-workstation risk.

XSS Node.js Angular +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Arbitrary code execution in the Angular Language Service VS Code extension prior to 21.2.4 allows attackers to silently run code on a developer's machine simply by having them open a malicious repository in VS Code. The extension reads the typescript.tsdk and js/ts.tsdk.path workspace settings without checking Workspace Trust, then require()s a tsserverlibrary.js file from that attacker-controlled path. No public exploit identified at time of analysis, though the patch diff in PR #68857 clearly illustrates the exploit primitive.

XSS Node.js Angular
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Code injection in @tinacms/cli versions prior to 2.4.3 allows an attacker who controls a Forestry-style project to achieve remote code execution on a developer's workstation when the `tinacms init` Forestry migration runs and the developer subsequently executes `tinacms dev` or `tinacms build`. The `addVariablesToCode` helper unquotes any value matching the marker `__TINA_INTERNAL__:::(.*?):::` placed in a stringified collection JSON, and user-supplied `label`/`name` fields from `.forestry/**/*.yml` are inserted into that JSON without sanitisation, yielding a top-level IIFE in the generated `tina/templates.ts`. A detailed end-to-end PoC is published in the GHSA-4936-9hrh-qqpw advisory; no public exploit identified at time of analysis beyond the disclosure PoC, and the CVE is not in CISA KEV.

Node.js Microsoft Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Command injection in the @cyclonedx/cyclonedx-npm SBOM generator (versions >= 2.1.0, < 5.0.0) lets an attacker who controls the value passed to the --workspace CLI option execute arbitrary OS commands when the npm_execpath environment variable is unset or empty. In that fallback path the tool spawns a subshell and interpolates the workspace value into a command string without escaping, so shell metacharacters break out of the intended context and run with the invoking user's privileges. No public exploit identified at time of analysis, though the vendor fix PR ships a proof-of-concept-style regression test; the issue is not listed in CISA KEV and no EPSS score was provided.

Privilege Escalation Command Injection Node.js
NVD GitHub VulDB
CVSS 9.9
CRITICAL PATCH Act Now

Command injection in the Network-AI npm package (network-ai < 5.9.1) lets any agent or caller granted a wildcard allowlist entry such as `git *`, `npm *`, or `node *` execute arbitrary shell commands as the orchestrator process. The flaw stems from `SandboxPolicy.isCommandAllowed` glob-matching the entire command string while `ShellExecutor` runs it through `/bin/sh -c`, so shell metacharacters like `;`, `|`, and `$(...)` smuggle additional commands past the sandbox. A working PoC is published in the GHSA advisory, though there is no public exploit identified at time of analysis in the wild and no CISA KEV listing.

RCE Command Injection Node.js
NVD GitHub
CVSS 5.8
MEDIUM PATCH This Month

Unauthenticated SSRF in signalk-server ≤2.27.0 allows remote attackers to force the server to make arbitrary HTTP/HTTPS requests to any destination, including RFC 1918 private ranges, loopback, and cloud metadata services at 169.254.169.254. On default installations where no admin user has been created, the security middleware is a no-op, meaning all three vulnerable endpoints are completely unauthenticated over the network. A detailed public PoC is included in the GitHub advisory demonstrating internal network scanning, AWS IAM credential theft via IMDSv1, and path-traversal-assisted targeted data exfiltration; no CISA KEV listing is present at time of analysis.

Microsoft Docker Kubernetes +4
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Arbitrary file write in HKUDS Nanobot's WhatsApp bridge (versions 0.1.5.post3 and prior) allows remote unauthenticated attackers to write attacker-controlled content to arbitrary filesystem locations by sending a WhatsApp document message with a path-traversal sequence in its fileName field. Because both the destination path and the file content are attacker-controlled, exploitation yields a write-anywhere primitive that can be escalated to remote code execution (e.g., by overwriting authorized_keys or shell startup files). No public exploit identified at time of analysis; a fix is planned for version 0.1.5.post4.

Path Traversal Node.js Nanobot
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Multipart form-data field injection in the npm package http-proxy-middleware (versions 3.0.4-3.0.6 and 4.0.0-4.1.0) lets remote attackers smuggle additional form parts past gateway-side validation by embedding CRLF sequences in body values, causing the proxy and backend to parse different field sets. The flaw lives in fixRequestBody's handlerFormDataBodyData helper, which concatenates user-controlled keys and values directly into the multipart wire format without neutralizing \r\n. Publicly available exploit code exists in the GHSA advisory, but no public exploit identified as actively used in the wild and no CISA KEV listing.

Authentication Bypass Node.js
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Prototype pollution in the Jodit WYSIWYG editor npm package (versions < 4.12.26) allows mutation of Object.prototype via the public helper API Jodit.modules.Helpers.set(). When an application passes user-controlled or partially user-controlled key paths to this function, an attacker can inject arbitrary properties into the global Object.prototype, enabling logic bypass, denial of service, or secondary security issues throughout the entire JavaScript runtime. A proof-of-concept is publicly available in the GitHub advisory (GHSA-vpmm-x3fm-qr5c); no public exploit identified at time of analysis beyond this PoC, and no CISA KEV listing exists.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Authentication bypass in Network-AI versions 5.7.1 and earlier allows unauthenticated remote attackers to invoke all 22 MCP tools on the SSE server because the default secret is empty and `_isAuthorized()` returns true when no secret is configured. Despite the partial fix for CVE-2026-46701 in 5.4.5 (which restricted CORS to localhost origins), any non-browser caller - curl, SSRF, or a service exposed via a 0.0.0.0 bind - can still call privileged operations like `config_set`, `agent_spawn`, `blackboard_write`, and token management with zero credentials. No public exploit identified at time of analysis, but the GHSA advisory includes annotated source-code locations that effectively serve as a roadmap for exploitation.

SSRF Authentication Bypass Node.js +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Stored cross-site scripting in Gitea 1.25.x affects the built-in 3D file viewer (Online3DViewer integration) where a crafted .gltf file with an unsupported extension name in extensionsRequired is rendered into the DOM via innerHTML without sanitization. Any low-privileged user who can push a file to a repository (including a public fork) can compromise the session of any user who later views the file, enabling token theft and full account takeover. Publicly available exploit code exists (a working PoC is included in the GHSA-9cpj-qc93-vw8v advisory); no public exploit identified at time of analysis in CISA KEV.

Gitea CSRF XSS +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cross-tenant confidentiality breach in Daytona's notification WebSocket gateway (versions 0.101.0 through 0.184.0) allows any JWT-authenticated user to passively receive realtime event data belonging to a different organization by supplying an arbitrary organization UUID during the WebSocket handshake. The gateway's JWT authentication flow accepted the client-supplied organizationId and joined the corresponding notification room without verifying organizational membership, exposing sandbox, snapshot, volume, and runner events across tenant boundaries. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, but the attack is mechanically trivial for any authenticated user who can obtain a target organization's UUID.

Authentication Bypass Node.js
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in the Pi coding agent (npm packages @earendil-works/pi-coding-agent 0.74.0-0.78.0 and @mariozechner/pi-coding-agent 0.50.0-0.73.1) allows a co-resident attacker on a shared Linux host to pre-stage attacker-controlled extension code in a predictable `os.tmpdir()/pi-extensions` path that pi later loads as the victim user. No public exploit identified at time of analysis, but the issue was reported by CrowdStrike researchers and patched in 0.78.1 of the renamed package. Affects shared dev boxes, CI runners, and HPC login nodes; Windows/macOS default per-user temp directories typically avoid exposure.

Microsoft Apple Crowdstrike +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

BYONM module resolution in Deno (≤ 2.7.11) allows path traversal via crafted `package.json` `main` fields, bypassing the `--allow-read` permission sandbox that is central to Deno's security model. A malicious npm package installed under a BYONM `node_modules` tree can cause `require()` to read and return the parsed contents of arbitrary JSON files outside the directory scope granted by `--allow-read`, while a direct `Deno.readTextFileSync()` call to the same path would be correctly blocked. No active exploitation is confirmed (not in CISA KEV), but a self-contained proof-of-concept was supplied by the reporter and is documented in the GitHub Security Advisory; real-world risk is meaningful in supply-chain scenarios where Deno's permission model is the primary isolation boundary.

Path Traversal Node.js
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Deno's Node.js compatibility TCP path (node:net.connect / node:http.request options form) fails to re-check network permissions against the resolved IP address, allowing numeric IPv4 aliases (e.g., decimal integer '2130706433' or hex '0x7f000001' for 127.0.0.1) to bypass --deny-net rules in Deno versions up to and including 2.7.14. Any code executing inside the Deno process - including supply-chain-compromised dependencies or attacker-controlled input - can reach explicitly denied destinations such as loopback services, private ranges, or cloud instance metadata endpoints by exploiting this pre-resolution-only permission check. No public exploit identified at time of analysis via CISA KEV, but publicly available exploit code exists (proof-of-concept published in GHSA-v8fw-85r8-5m23); fix is available in Deno 2.8.0.

Authentication Bypass Node.js
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Cryptographic primality validation in Deno's Node.js compatibility layer (versions <= 2.8.0) silently skips Miller-Rabin testing when `crypto.checkPrime`/`checkPrimeSync` is called with default options, causing crafted composites whose smallest prime factor exceeds 17,863 (e.g. 17,881 × 17,891) to be reported as prime. Remote attackers who control bignums fed into a victim Deno application can therefore smuggle composite values past validation, with no public exploit identified at time of analysis beyond the vendor-published reproducer.

Information Disclosure Microsoft OpenSSL +1
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Environment variable sanitization weakness in OpenClaw prior to 2026.5.26 lets attackers smuggle Node.js control variables (such as NODE_OPTIONS) past the host environment sanitizer, enabling them to influence child-process behavior and coverage output paths. Affected attackers must have write access to workspace .env files, tool environment overrides, or skill environment blocks, and no public exploit is identified at time of analysis. The flaw was reported by VulnCheck and is tracked under CWE-184 (Incomplete List of Disallowed Inputs).

Authentication Bypass Node.js Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Regex translation in the @astrojs/netlify adapter broadens Astro's image.remotePatterns beyond the intended allowlist when building for Netlify deployment, enabling unauthorized image fetches from apex hosts and deeper URL paths. Versions of @astrojs/netlify prior to 7.0.13 (confirmed vulnerable at 7.0.10) generate Netlify Image CDN regex patterns that make wildcard subdomains optional and omit end-anchoring on pathname segments, causing the Netlify CDN to accept URLs that Astro's canonical matcher would reject. Unauthenticated public requesters can exploit this to cause the Netlify Image CDN to fetch image-like resources from hosts or paths outside the developer's intended scope, constituting a partial SSRF bypass against the image proxy allowlist. No active exploitation has been confirmed in CISA KEV, but a detailed reproduction is included in the GHSA advisory.

Canonical Node.js SSRF
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Reflected cross-site scripting in Astro framework (versions prior to 6.3.3) allows remote attackers to inject arbitrary HTML and execute JavaScript in victim browsers when an SSR-rendered page passes user-controlled input as a slot name to a component using a client:* directive. The flaw lives in the server renderer, which interpolates the slot name into a data-astro-template attribute without HTML escaping, enabling attribute-context breakout. No public exploit identified at time of analysis beyond the reporter's PoC in the GHSA advisory, and the issue is not listed in CISA KEV.

XSS Node.js
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote prototype pollution in i18next-http-middleware before 3.9.7 allows unauthenticated attackers to write to Object.prototype by submitting dotted request-body keys such as '__proto__.polluted' to the missingKeyHandler. The 3.9.3 denylist blocked only literal unsafe keys; downstream backends (notably i18next-fs-backend ≤ 2.6.5) that split missing-key strings on the configured keySeparator then walked these segments into an unguarded setPath(). No public exploit identified at time of analysis, but PoC payloads are embedded in the upstream security test suite.

Prototype Pollution Node.js Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded memory allocation in @opentelemetry/core affects the W3CBaggagePropagator.extract() method, which fails to enforce W3C Baggage specification size limits (8,192 bytes, 180 entries) on the inbound parsing path - only the outbound inject() path was protected. Unauthenticated remote attackers can exploit this to cause partial availability degradation by sending oversized baggage headers, with elevated risk in non-HTTP transport contexts (messaging systems, custom TextMapGetter implementations) where Node.js's native 16 KB header cap does not apply. No public exploit code or CISA KEV listing exists; the CVSS 5.3 Medium score reflects the real-world constraint imposed by Node.js defaults on the dominant HTTP deployment pattern.

Node.js Java Denial Of Service
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Heap buffer under/overflow in Electron's Node.js Buffer API (versions 42.3.1 through 42.3.2) causes most apps to crash and may lead to incorrect buffer allocations resulting in unexpected truncation or memory corruption. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 reflects network-reachable, unauthenticated memory corruption with high impact to confidentiality, integrity, and availability. Affects any Electron-based desktop application shipping the vulnerable runtime.

Node.js Buffer Overflow
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Vitest Browser Mode (npm @vitest/browser 3.0.0-3.2.4, 4.0.0-4.1.7, 5.0.0-beta.0-5.0.0-beta.3) allows remote attackers to overwrite the project's vite.config.ts and execute arbitrary Node.js code on the host when the browser API server is bound to a network-reachable interface (e.g. --browser.api.host=0.0.0.0). The flaw stems from the cdp() API forwarding raw Chrome DevTools Protocol calls over the browser WebSocket RPC without honoring the allowWrite/allowExec gates that normally restrict Browser Mode. Publicly available exploit code exists in the GHSA-g8mr-85jm-7xhm advisory's step-by-step reproduction, though no CISA KEV listing has been issued.

Google Code Injection Node.js
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Tar parser interpretation differential in node-tar (npm `tar` package) <= 7.5.15 allows a crafted archive to present a different member list to node-tar than to GNU tar, libarchive, or Python tarfile, enabling security scanner evasion in pipelines that scan with one tool and extract with another. The flaw stems from node-tar incorrectly applying a PAX extended header's `size=` override to intermediary GNU long-name (`L`) and long-link (`K`) metadata headers, desynchronizing the stream cursor and causing node-tar to raise a checksum error and report zero members while reference parsers correctly extract files. A detailed, working proof-of-concept (Python stdlib only) is included in the advisory; no active exploitation (CISA KEV) has been confirmed at time of analysis, but the broad npm ecosystem blast radius - node-tar backs npm's own tarball handling - materially elevates real-world risk.

Python Information Disclosure Node.js +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NTLMv2 hash disclosure in the `launch-editor` NPM package (v2.14.0 and earlier) exposes developer credentials on Windows systems when an attacker-controlled UNC path is passed to the package's file-opening HTTP middleware. The attack is achievable by tricking a developer running a local development server such as Vite into visiting an attacker-controlled webpage that issues a cross-origin request to the local `__open-in-editor` endpoint with a crafted `\\attacker-host\share` UNC path, whereupon Windows automatically initiates NTLM authentication without any user prompt, transmitting the victim's NTLMv2 hash to the attacker's SMB server. Publicly available exploit code confirmed via the advisory PoC using Impacket smbserver.py and Responder lowers the barrier significantly; no active exploitation has been confirmed via CISA KEV at time of analysis.

RCE Microsoft Node.js
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Arbitrary file disclosure in Vite's development server on Windows allows remote unauthenticated attackers to read sensitive files (such as `.env`, `*.pem`, `*.crt`) that are nominally protected by the `server.fs.deny` allowlist. The flaw stems from Windows-specific path-form quirks (NTFS Alternate Data Stream syntax `::$DATA` and 8.3 short filename aliases) that bypass deny-list normalization, and publicly available exploit code exists in the GHSA advisory. Only dev servers explicitly exposed to the network via `--host`/`server.host` are reachable.

Path Traversal Microsoft Node.js
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Quadratic CPU exhaustion in js-yaml (npm) versions 4.1.1 and earlier allows unauthenticated remote attackers to block a Node.js event loop for multiple seconds using a crafted YAML payload under 100 KB, resulting in denial of service. The flaw lies in the merge-key parser's failure to deduplicate repeated alias references before invoking per-key processing, producing O(K×M) work from O(K+M) input. A detailed proof-of-concept with reproducible timing benchmarks is publicly available via GitHub Security Advisory GHSA-h67p-54hq-rp68; no active exploitation is confirmed in CISA KEV at time of analysis.

Denial Of Service Apple Node.js
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in Angular's @angular/common package allows attackers to exhaust CPU and memory by passing crafted digitsInfo strings (e.g., '1.200000000-200000000') to formatNumber, DecimalPipe, PercentPipe, or CurrencyPipe. On SSR deployments this crashes the Node.js process with a heap-out-of-memory error, while client-side rendering freezes the browser tab. No public exploit identified at time of analysis, though the patched code and triggering input strings are documented in PR #68840.

Node.js Google Denial Of Service
NVD GitHub HeroDevs VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting in Fabric.js (npm: fabric) versions prior to 7.4.0 is triggered when applications export canvas content via `canvas.toSVG()` and render the result into the DOM using `innerHTML`. The `color` field within `colorStops` of a `fabric.Gradient` object is inserted into SVG `<stop>` elements without escaping `"`, `<`, or `>`, allowing crafted input to break attribute context and inject arbitrary HTML. A working proof-of-concept is publicly confirmed against v7.2.0; no active exploitation appears in CISA KEV, and the EPSS score of 0.04% reflects low observed exploitation breadth consistent with the chained conditions required.

XSS Information Disclosure Node.js
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Prototype pollution in ApostropheCMS versions up to and including 4.30.0 allows an authenticated editor to poison Object.prototype via the $pullAll patch operator, ultimately bypassing authorization on all piece-type REST API endpoints for unauthenticated requests until the Node.js process restarts. The flaw stems from apos.util.set() failing to sanitize __proto__ in dot-notation paths, and no public exploit identified at time of analysis but the advisory describes a confirmed exploitation gadget in publicApiCheck(). No vendor-released patch identified at time of analysis, making this an open-window risk for any internet-exposed editor account.

Prototype Pollution Authentication Bypass Node.js +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Stored cross-site scripting in the @apostrophecms/seo plugin (versions ≤1.4.2) allows any user holding the default editor role to inject arbitrary JavaScript that executes in every visitor's browser. The seoGoogleTrackingId and seoGoogleTagManager fields are interpolated directly into inline <script> tag bodies via template literals with no sanitization, turning legitimate analytics configuration into a persistent payload delivery channel. No public exploit identified at time of analysis, and no vendor-released patch identified at time of analysis.

Google XSS Node.js +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW Monitor

Server-Side Request Forgery in ApostropheCMS through version 4.30.0 allows unauthenticated remote attackers to pivot the Node.js application process into issuing outbound HTTP requests to arbitrary hosts on the internal network when the `prettyUrls` SEO feature is explicitly enabled on the `@apostrophecms/file` module. The attack exploits the raw `Host` HTTP request header, which the pretty-URL handler uses verbatim to construct and `fetch()` an upstream URL, streaming the full HTTP response - status code, headers, and body - back to the requester. Practical impact is constrained to blind SSRF (network-topology probing via response-code and timing oracles, and verbose proxy or WAF error-body disclosure) rather than arbitrary data exfiltration; no patch exists at time of publication and no public exploit has been identified.

Node.js SSRF Apostrophe
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting in sanitize-html prior to 2.17.5 allows low-privileged attackers to inject executable `javascript:` URIs through HTML attributes that the library's scheme-blocking logic never inspects. The `naughtyHref()` function gates dangerous URI schemes only for attributes listed in `allowedSchemesAppliedToAttributes` (defaulting to `href`, `src`, and `cite`), leaving attributes such as `action`, `formaction`, `data`, `poster`, `background`, `ping`, `xlink:href`, `dynsrc`, and `lowsrc` entirely unchecked. Applications that explicitly permit any of these attributes in their sanitize-html configuration are vulnerable; no public exploit code has been identified at time of analysis, and this CVE is not currently listed in CISA KEV.

XSS Node.js Sanitize Html
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Stored cross-site scripting in ApostropheCMS up to and including version 4.29.0 allows an attacker who controls a user account to inject malicious script into the draft version tooltip via an unsanitized display name field. Any editor or administrator who subsequently views that tooltip in the CMS backend will execute the attacker's payload in their browser, enabling session hijacking or unauthorized action execution. No public exploit has been identified at time of analysis and no patched version is available per the vendor advisory.

XSS Node.js Apostrophe
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unauthenticated relation membership disclosure in Parse Server allows any client holding only standard public API credentials to read objects linked through a Relation field that is explicitly hidden by protectedFields, or linked to a parent object that is inaccessible under its ACL or class-level permissions. By supplying only a known or guessed owning object's objectId, a remote unauthenticated caller can enumerate all objects in a protected relation or use the $relatedTo operator as a membership oracle - confirming whether a specific child object is privately linked to a given parent. This directly undermines applications that use Parse Server's access control primitives to protect sensitive relationships such as private group memberships, block lists, or account-to-resource associations. No public exploit identified at time of analysis; vendor-released patches exist at versions 8.6.80 and 9.9.1-alpha.6.

Authentication Bypass Node.js Oracle +1
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Parse Server 9.8.0-9.9.0 exposes raw MFA TOTP secrets and recovery codes through the /verifyPassword and /login endpoints when the _User class-level permission (CLP) is configured to deny get operations. An attacker with knowledge of a victim's username and password can call /verifyPassword without a session token or MFA token and receive the victim's plaintext TOTP secret and recovery codes in the response, completely defeating the second authentication factor. No public exploit has been identified at time of analysis; a patch exists in version 9.9.1-alpha.5, and the EPSS score of 0.04% (13th percentile) reflects limited opportunistic exploitation so far.

Information Disclosure Node.js Parse Server
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Stored XSS in Parse Server is achievable by authenticated users who bypass the file upload extension blocklist by appending a trailing dot to a blocked filename (e.g., `poc.svg.`), causing the extension parser to return an empty string and skip the block check. The attacker-supplied Content-Type is forwarded unchanged to cloud storage adapters (S3, GCS), which persist and serve the file under that active MIME type - enabling script execution in a victim's browser when the file URL is opened. No active exploitation is confirmed (not in CISA KEV, EPSS 0.05% at 15th percentile), but the attack mechanism is low-complexity and fully documented in the vendor's fix PRs. Patches are available in versions 8.6.79 and 9.9.1-alpha.4.

File Upload XSS Node.js +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Parse Server's operator-configured route firewall (`routeAllowList`) is bypassed in versions 9.8.0 through 9.9.1-alpha.3 when external clients POST to the `/batch` endpoint with sub-requests targeting routes the operator intended to block. The Express middleware enforcing the allow-list runs only against the outer HTTP request URL; the `/batch` handler dispatches each embedded sub-request to the internal router without re-running that check. Inner authorization controls - Parse authentication, ACL, and CLP - remain in effect, bounding actual data exposure to whatever those controls permit, but the route-level security boundary is defeated entirely. No public exploit has been identified and EPSS is 0.08%, though operators relying on `routeAllowList` as a primary access-control layer are directly and materially affected.

Authentication Bypass Node.js Parse Server
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Sandbox escape leading to remote code execution affects KanaDojo (lingdojo/kana-dojo) before version 0.1.18, where the issue-auto-respond.yml GitHub Actions workflow passes the global require function into a Node.js vm.runInNewContext() sandbox. An attacker submitting a pull request that modifies messages.cjs can load arbitrary Node.js modules from within the sandbox and gain code execution on the Actions runner with access to AUTOMATION_PR_TOKEN. No public exploit identified at time of analysis, though the VulnCheck advisory documents the exploitation primitive in detail.

RCE Node.js Kana Dojo
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Path traversal in node-tmp 0.2.6 allows remote attackers to create files or directories outside the temp directory by supplying non-string `prefix`, `postfix`, or `template` values (arrays, Buffers, or objects) whose `includes('..')` check returns falsy but whose string coercion contains `../`. The 0.2.6 `_assertPath` guard checks only strings, so JSON body fields or `qs`-parsed bracket arrays such as `?prefix[]=..` bypass it and write at attacker-controlled paths with host-process privileges. No public exploit identified at time of analysis, but the bypass pattern is trivial and the library is widely used in Node.js applications.

Authentication Bypass Node.js Node Tmp +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Code injection in OpenZeppelin Contracts Wizard's `@openzeppelin/wizard` npm package (<=0.10.8) allows attacker-supplied strings passed through `opts.name` or `opts.uri` into the `zipHardhat`/`zipFoundry` helpers to break out of string literals inside generated Hardhat and Foundry test scaffolding, leading to arbitrary code execution on the developer's machine when `npm test` or `forge test` is run. No public exploit is identified at time of analysis, but a vendor advisory and patched commit are public via GitHub Security Advisory GHSA-4x76-22x2-rx8v.

Node.js Code Injection RCE
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH Monitor

Denial of service in the image-size Node.js library through version 2.0.2 allows remote unauthenticated attackers to permanently hang the Node.js event loop by supplying a crafted JXL or HEIF image containing a box with a zero-valued size field. Publicly available exploit code exists and an upstream fix has been merged, making this a credible availability threat for any service that accepts user-supplied images and runs them through image-size. No active exploitation has been reported in CISA KEV at time of analysis.

Denial Of Service Node.js Image Size +2
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Denial of service in the image-size Node.js library (versions up to and including 2.0.2) allows remote unauthenticated attackers to permanently stall the Node.js event loop by submitting a malformed ICNS image. The flaw stems from an infinite loop in the ICNS parser when an entry length field is zero, and publicly available exploit code exists per VulnCheck and an independent write-up; no public exploit identified at time of analysis indicates active exploitation, but the POC makes weaponization trivial.

Denial Of Service Node.js Image Size +2
NVD GitHub VulDB
Page 1 of 12 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy