The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. Date published : 2018-06-06 https://github.com/get/parsejson/issues/4 https://nodesecurity.io/advisories/528
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed...
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06...
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file...
gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/static-html-server https://nodesecurity.io/advisories/377
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/pooledwebsocket https://nodesecurity.io/advisories/341
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tmock https://nodesecurity.io/advisories/375
serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/serverwzl https://nodesecurity.io/advisories/363
citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/citypredict.whauwiller https://nodesecurity.io/advisories/370
serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/serveryztyzt https://nodesecurity.io/advisories/354
serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/serverhuwenhui https://nodesecurity.io/advisories/366
serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/serverwg https://nodesecurity.io/advisories/364
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible. Date published : 2018-06-06 https://github.com/skoranga/node-dns-sync/issues/5 https://nodesecurity.io/advisories/523
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition. Date published...