SecAlerts
CVE ListPricingSign Up
openjsf logo

openjsf

Security Risk Profile

54
/100
medium

Security Risk Score

Comprehensive risk assessment based on 17 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from March 18, 2015 to present

17
Total CVEs
9
Critical+High
0
Exploited
0
Unpatched

Threat Assessment

Avg CVSS
6.7
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
54/100
medium
📈 1 in Last 30 Days

Severity Distribution

Critical
1
High
8
Medium
8
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
5

Age Distribution

Common Weaknesses (CWE)

1
XSS
5
2
OS Command Injection
2
3
Command Injection
1
4
Path Traversal
1
5
Infoleak
1

Most Affected Products

1. Openjsf Express Node.js26
2. Openjsf Express15
3. redhat/qs10
4. Qs Project Qs Node.js9
5. npm/qs9

Recent Vulnerabilities

See more →
CVE-2026-10796
CVSS 7.5high

nvm executes commands from a malicious Node.js mirror's version strings

6/4/2026
CVE-2026-25244
CVSS 9.8critical

WebdriverIO has Command Injection in the BrowserStack Service

5/11/2026
CVE-2026-6322
CVSS 7.5EPSS 0%high

fast-uri vulnerable to host confusion via percent-encoded authority delimiters

5/5/2026
CVE-2026-6321
CVSS 7.5EPSS 0%high

fast-uri vulnerable to path traversal via percent-encoded dot segments

5/4/2026
CVE-2025-50537
CVSS 5.5medium
1/26/2026
CVE-2025-57349
CVSS 7.5high
9/24/2025
CVE-2024-10491
CVSS 5.3medium

Preload arbitrary resources by injecting additional `Link` headers

10/29/2024
CVE-2024-45590
CVSS 7.5high

body-parser vulnerable to denial of service when url encoding is enabled

9/10/2024
CVE-2024-43800
CVSS 5.0medium

serve-static affected by template injection that can lead to XSS

9/10/2024
CVE-2024-43796
CVSS 5.0medium

express vulnerable to XSS via response.redirect()

9/10/2024

Monitor openjsf in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.