| 195181 | 7.5 | HIGH Network | path-parse_project | path-parse | All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-… | NVD-CWE-noinfo | CVE-2021-23343 | 2024-11-21 14:51 | 2021-05-04 |
| 195182 | 5.3 | MEDIUM Network | browserslist_project | browserslist | The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | CWE-1333 Inefficient Regular Expression Complexity | CVE-2021-23364 | 2024-11-21 14:51 | 2021-04-29 |
| 195183 | 7.5 | HIGH Network | postcss | postcss | The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused … | CWE-1333 Inefficient Regular Expression Complexity | CVE-2021-23382 | 2024-11-21 14:51 | 2021-04-27 |
| 195184 | 9.1 | CRITICAL Network | tyk | tyk-identity-broker | The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 is vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the X… | CWE-287 Improper Authentication | CVE-2021-23365 | 2024-11-21 14:51 | 2021-04-26 |
| 195185 | 9.8 | CRITICAL Network | killing_project | killing | This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec fu… | CWE-78 OS Command | CVE-2021-23381 | 2024-11-21 14:51 | 2021-04-19 |
| 195186 | 7.3 | HIGH Network | roar-pidusage_project | roar-pidusage | This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exe… | CWE-78 OS Command | CVE-2021-23380 | 2024-11-21 14:51 | 2021-04-19 |
| 195187 | 9.8 | CRITICAL Network | portkiller_project | portkiller | This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process ex… | CWE-78 OS Command | CVE-2021-23379 | 2024-11-21 14:51 | 2021-04-19 |
| 195188 | 9.8 | CRITICAL Network | picotts_project | picotts | This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the c… | CWE-78 OS Command | CVE-2021-23378 | 2024-11-21 14:51 | 2021-04-19 |
| 195189 | 9.8 | CRITICAL Network | onion-oled-js_project | onion-oled-js | This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use… | CWE-78 OS Command | CVE-2021-23377 | 2024-11-21 14:51 | 2021-04-19 |
| 195190 | 9.8 | CRITICAL Network | ffmpegdotjs_project | ffmpegdotjs | This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to us… | CWE-78 OS Command | CVE-2021-23376 | 2024-11-21 14:51 | 2021-04-19 |