| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3. |
| Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. |
| ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks. |
| gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. |
