Vulnerabilities in HackerOne
470 results

CVE-2017-16080—nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.1%)
CVE-2017-16078—shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.1%)
CVE-2017-16059—mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.1%)
CVE-2017-16073—noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.1%)
CVE-2017-16111—The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module (EPSS 1.1%)
CVE-2016-10579—Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it v (EPSS 1.1%)
CVE-2016-10565—operadriver is an Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable (EPSS 1.1%)
CVE-2016-10557—appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the mod (EPSS 1.1%)
CVE-2016-10564—apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, (EPSS 1.1%)
CVE-2017-16061—tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.1%)
CVE-2018-16490—A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prot (EPSS 1.1%)
CVE-2016-10521—jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress v (EPSS 1.1%)
CVE-2017-16062—node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.1%)
CVE-2016-10596—imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vul (EPSS 1.1%)
CVE-2017-0931—html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values. (EPSS 1.1%)
CVE-2018-3726—crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. (EPSS 1.0%)
CVE-2015-9243—When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher leve (EPSS 1.0%)
CVE-2017-0928—html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable (EPSS 1.0%)
CVE-2017-16010—i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will (EPSS 1.0%)
CVE-2017-16043—Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will r (EPSS 1.0%)