| Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-8315 | 7.8 |
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
|
01-08-2024 - 13:41 | 23-01-2017 - 21:59 | |
| CVE-2015-8854 | 7.8 |
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (
|
09-02-2024 - 03:01 | 23-01-2017 - 21:59 | |
| CVE-2015-8856 | 4.3 |
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
|
26-09-2023 - 20:10 | 23-01-2017 - 21:59 | |
| CVE-2015-8859 | 5.0 |
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
|
12-09-2023 - 19:42 | 23-01-2017 - 21:59 | |
| CVE-2016-4055 | 7.8 |
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
|
06-06-2022 - 17:18 | 23-01-2017 - 21:59 | |
| CVE-2015-8857 | 7.5 |
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging imp
|
28-10-2021 - 15:05 | 23-01-2017 - 21:59 | |
| CVE-2015-8861 | 4.3 |
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
|
22-04-2020 - 12:54 | 23-01-2017 - 21:59 | |
| CVE-2014-9772 | 4.3 |
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
|
29-03-2017 - 01:59 | 23-01-2017 - 21:59 | |
| CVE-2015-8858 | 7.8 |
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
|
02-03-2017 - 02:59 | 23-01-2017 - 21:59 | |
| CVE-2015-8862 | 4.3 |
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
|
02-03-2017 - 02:59 | 23-01-2017 - 21:59 | |
| CVE-2015-8855 | 7.8 |
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
|
26-01-2017 - 19:33 | 23-01-2017 - 21:59 | |
| CVE-2015-8860 | 5.0 |
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
|
24-01-2017 - 16:13 | 23-01-2017 - 21:59 | |
| CVE-2013-7453 | 4.3 |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
|
24-01-2017 - 15:25 | 23-01-2017 - 21:59 | |
| CVE-2013-7454 | 4.3 |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
|
24-01-2017 - 15:25 | 23-01-2017 - 21:59 | |
| CVE-2013-7452 | 4.3 |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
|
24-01-2017 - 15:23 | 23-01-2017 - 21:59 | |
| CVE-2013-7451 | 4.3 |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
|
24-01-2017 - 15:12 | 23-01-2017 - 21:59 |